Open Redirect Vulnerability in SHIRASAGI Product by SS Project
CVE-2022-43479

6.1MEDIUM

Key Information:

Vendor: Shirasagi Project
Status: Shirasagi
Vendor: CVE Published:; 5 December 2022

🔔 Create Shirasagi Project Vulnerability Alert

What is CVE-2022-43479?

The SHIRASAGI application, versions v1.14.4 to v1.15.0, contains an open redirect vulnerability that permits remote unauthenticated attackers to redirect users to arbitrary external websites. This can be exploited to conduct phishing attacks, deceiving users into visiting malicious sites that may lead to credential theft or malware installation. Implementing proper input validation and user notification mechanisms can help mitigate the risks associated with this vulnerability.

Affected Version(s)

SHIRASAGI v1.14.4 to v1.15.0

References

https://www.ss-proj.org/

https://github.com/shirasagi/shirasagi

https://www.ss-proj.org/support/928.html

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2022
Vulnerability Reserved
Oct 20, 2022