
CVE-2022-28923: Open Redirect in Caddy

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.93807%
Published: 2/7/2023
Updated: 5/20/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: github.com/caddyserver/caddy/v2
Ecosystem: go
Vulnerable Versions: < 2.5.0-beta.1
First Patched Version: 2.5.0-beta.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

  1. The patch removes url.PathUnescape in SanitizedPathJoin, indicating that the improper unescaping allowed crafted paths.
  2. The directoryListing URL construction changes (adding a './' prefix) show that the previous form was vulnerable to colon-based scheme injection.

Both functions directly relate to the path handling and URL generation mechanisms described in the vulnerability reports and the exploit PoC.
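The two root-cause points above can be demonstrated with a few lines of Go. The following is an added example, not Caddy's code and not the patched functions themselves: ListingHref, UnsafeListingHref, ParsesWithScheme and DecodeOnceVsTwice are hypothetical helpers written for this page. The first pair shows why a directory-listing link needs the './' prefix (url.PathEscape leaves ':' in place because it is legal inside a path segment, so an entry name with a colon parses as a scheme); the last shows why a path that Go's URL parser has already decoded must not be passed through url.PathUnescape a second time. The sample names and request paths are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
)

// ListingHref builds the href a directory listing would emit for one entry.
// Hypothetical helper for this example (not Caddy's code): the "./" prefix
// guarantees the reference is read as a relative path. url.PathEscape leaves
// ':' alone because it is legal inside a path segment, so without the prefix
// a name such as "mailto:..." would be read as scheme "mailto".
func ListingHref(name string) string {
	return "./" + url.PathEscape(name)
}

// UnsafeListingHref is the contrasting form with no "./" prefix.
func UnsafeListingHref(name string) string {
	return url.PathEscape(name)
}

// ParsesWithScheme reports whether a reference would be read as "<scheme>:...",
// i.e. whether following it can leave the current origin.
func ParsesWithScheme(ref string) bool {
	u, err := url.Parse(ref)
	return err == nil && u.Scheme != ""
}

// DecodeOnceVsTwice shows why a path taken from r.URL.Path must not be passed
// through url.PathUnescape again: the URL parser has already decoded it once.
// It returns the parsed Path and the result of decoding that Path a second time.
func DecodeOnceVsTwice(rawRequestPath string) (once string, twice string, err error) {
	u, perr := url.Parse(rawRequestPath)
	if perr != nil {
		return "", "", perr
	}
	second, derr := url.PathUnescape(u.Path)
	if derr != nil {
		// A legitimate name such as "100%.txt" is no longer a valid encoding
		// after the first decode, so a second decode rejects it outright.
		return u.Path, "", derr
	}
	return u.Path, second, nil
}

func main() {
	// Constructed entry names: one ordinary file, one whose name carries a colon.
	for _, name := range []string{"report.txt", "mailto:victim@example.test"} {
		unsafe := UnsafeListingHref(name)
		safe := ListingHref(name)
		fmt.Printf("%-28s unsafe href=%-28s scheme? %v\n", name, unsafe, ParsesWithScheme(unsafe))
		fmt.Printf("%-28s safe href=  %-28s scheme? %v\n", name, safe, ParsesWithScheme(safe))
	}
	// Constructed raw request paths: a double-encoded segment and a name with a literal '%'.
	for _, raw := range []string{"/%252e%252e/config", "/100%25.txt"} {
		once, twice, err := DecodeOnceVsTwice(raw)
		fmt.Printf("raw=%-22s once=%-16q twice=%-12q err=%v\n", raw, once, twice, err)
	}
}
```

Running it prints the unsafe href for the colon-bearing name with scheme? true and the './'-prefixed form with scheme? false; the second loop shows the parsed path "/%2e%2e/config" turning into "/../config" on a second decode, and "/100%.txt" failing to decode at all, which is why a sanitizing join should decode exactly once (and, in this case, not at all, since the parser already did).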

WAF Protection Rules

WAF Rule

Caddy was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
