CVE-2022-29718

EUVD-2022-5889
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
caddyservercaddy
2.4.0 ≤
𝑥
< 2.5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
caddy
bookworm
2.6.2-5
fixed
sid
2.6.2-8
fixed
Common Weakness Enumeration
References
https://github.com/caddyserver/caddy/pull/4499
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C/
https://github.com/caddyserver/caddy/pull/4499
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C/