CVE-2022-28923: URL Redirection to Untrusted Site ('Open Redirect')

February 7, 2023 (updated February 15, 2023)

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

References

github.com/advisories/GHSA-qpm3-vr34-h8w8
github.com/caddyserver/caddy/commit/78b5356f2b1945a90de1ef7f2c7669d82098edbd
lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/
nvd.nist.gov/vuln/detail/CVE-2022-28923

Detect and mitigate CVE-2022-28923 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →