7.1

CVE-2022-31193

EPSS 0.26%
Veröffentlicht 01.08.2022 21:15:13
Zuletzt bearbeitet 21.11.2024 07:04:05
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Duraspace ≫ Dspace Version >= 4.0 <= 5.10

Duraspace ≫ Dspace Version > 6.0 < 6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.494

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	7.1	2.8	3.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9

Patch

Third Party Advisory

https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de

Patch

Third Party Advisory

https://github.com/DSpace/DSpace/security/advisories/GHSA-763j-q7wv-vf3m

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31193

EUVD