CVE-2022-47500

EPSS 1.18%
Published 19.12.2022 11:15:11
Last modified 17.04.2025 15:15:52
Source security@apache.org
Teams watchlist Login
Open Login

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.



Solution: removed the the forward component since it was improper designed for UI embedding.

 User please upgrade to 1.1.0 to fix this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Helix Version >= 0.8.0 <= 1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.18%	0.78

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-47500

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47500

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47500

EUVD