CVE-2022-47500

EPSS 1.64%
Veröffentlicht 19.12.2022 11:15:11
Zuletzt bearbeitet 17.04.2025 15:15:52
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.



Solution: removed the the forward component since it was improper designed for UI embedding.

 User please upgrade to 1.1.0 to fix this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Helix Version >= 0.8.0 <= 1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.64%	0.814

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-47500

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47500

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47500

EUVD