CVE-2022-23078 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Affected Products (NVD)

Vendor	Product	Version
habitica	habitica	4.119.0 ≤ 𝑥 < 4.233.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f

https://www.mend.io/vulnerability-database/CVE-2022-23078

https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f

https://www.mend.io/vulnerability-database/CVE-2022-23078