Bug ID 1207971
Summary VUL-0: CVE-2022-28923: caddy: an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.4
Hardware Other
URL https://smash.suse.de/issue/356318/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Security
Assignee alexandre.vicenzi@suse.com
Reporter thomas.leroy@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker --- 

rh#2167571

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which
allows attackers to redirect users to phishing websites via crafted URLs.

https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2167571
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28923
https://www.cve.org/CVERecord?id=CVE-2022-28923
https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/

You are receiving this mail because: