
CVE-2022-47500: Apache Helix UI vulnerable to Open Redirect

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.73213%
Published: 12/19/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected package:
Package Name: org.apache.helix:helix
Ecosystem: maven
Vulnerable Versions: >= 0.8.0, < 1.1.0
First Patched Version: 1.1.0

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from an improperly designed forwarding component that was removed in the fix. While the exact function names and paths are not disclosed in the available sources, the advisory explicitly states:

1) The open redirect occurred through the UI embedding functionality.
2) The solution was removing the forward component.
3) This aligns with CWE-601 patterns, where unvalidated redirect URLs are passed through forwarding mechanisms.

The high confidence comes from the vendor's own root-cause analysis identifying the forwarding component as the vulnerable element.
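The CWE-601 pattern described above, shown as an added Java illustration. This is not Apache Helix code: the advisory does not disclose the vulnerable function or path, so the class and method names here are hypothetical, and the probe strings are constructed test inputs. The Helix fix removed the forward component outright; the hardened method below shows the alternative a defender would reach for when the redirect must stay, namely accepting only site-relative paths and falling back to a fixed landing page for anything else.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

/**
 * Hypothetical illustration of an open-redirect (CWE-601) sink and its
 * validated counterpart. Not taken from Apache Helix.
 */
public class RedirectTargetCheck {

    /** Vulnerable shape: the caller-supplied URL reaches the redirect unchanged. */
    static String vulnerableTarget(String requested) {
        return requested; // attacker-controlled value becomes the Location target
    }

    /**
     * Hardened shape: accept only site-relative paths (optionally with a query);
     * any value carrying a scheme or authority, or that fails to parse, is
     * replaced by the fixed fallback page.
     */
    static String safeTarget(String requested, String fallback) {
        if (requested == null || requested.isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(requested); // backslashes and other illegal chars throw here
        } catch (URISyntaxException e) {
            return fallback;
        }
        // "https://host", "//host" and "javascript:" all carry a scheme or an authority.
        if (uri.getScheme() != null || uri.getAuthority() != null) {
            return fallback;
        }
        String path = uri.getPath(); // decoded, so "/%2F%2Fhost" surfaces as "//host"
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return fallback;
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query; // fragment is dropped
    }

    public static void main(String[] args) {
        // Constructed probes: two legitimate in-app paths and four values a
        // validator must reject.
        List<String> probes = List.of(
            "/dashboard",
            "/clusters?view=1",
            "https://attacker.example/",
            "//attacker.example/x",
            "javascript:alert(1)",
            "/\\attacker.example");
        for (String p : probes) {
            System.out.printf("%-28s vulnerable=%-28s safe=%s%n",
                p, vulnerableTarget(p), safeTarget(p, "/"));
        }
    }
}
```

Running the class prints each probe beside what the two methods would redirect to: the vulnerable method echoes every value, while the hardened one returns only the two in-app paths and maps the remaining four to "/". Parsing with java.net.URI rather than string-prefix checks is the deliberate choice, since it catches scheme-relative URLs and percent-encoded slashes that a simple startsWith("/") test lets through.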


WAF Protection Rules

WAF Rule

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from *.*.* to and including *.*.*. Solution: removed the forward component sin
