Open Redirect Vulnerability in Caddy Web Server by Caddy Server
CVE-2022-29718

6.1MEDIUM

Key Information:

Vendor: Caddyserver
Status: Caddy
Vendor: CVE Published:; 2 June 2022

🔔 Create Caddyserver Vulnerability Alert

What is CVE-2022-29718?

Caddy v2.4 is vulnerable to an open redirect issue, enabling unauthenticated remote attackers to exploit this vulnerability. By crafting malicious links, attackers can trick users into clicking them, resulting in unauthorized redirection to arbitrary web URLs. This poses a significant security risk as it can be used for phishing and other forms of social engineering attacks.

References

https://github.com/caddyserver/caddy/pull/4499

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
Apr 25, 2022

CVE-2022-29718 Data

JSON