Open Redirection Vulnerability in Caddy Web Server by Caddy Labs
CVE-2022-28923

6.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 6 February 2023

What is CVE-2022-28923?

Caddy Web Server version 2.4.6 contains an open redirection vulnerability. Using specially crafted URLs, an attacker can cause users to be redirected to malicious or phishing websites. Because the link appears to point at a legitimate site, users are more easily deceived, which can lead to credential theft or other attacks.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
