Moderate severityNVD Advisory· Published Feb 6, 2023· Updated Mar 26, 2025
CVE-2022-28923
CVE-2022-28923
Description
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/caddyserver/caddy/v2Go | < 2.5.0-beta.1 | 2.5.0-beta.1 |
Affected products
9- Caddy/Caddydescription
- osv-coords8 versionspkg:apk/chainguard/caddypkg:apk/chainguard/caddy-fipspkg:apk/chainguard/caddy-manpkg:apk/chainguard/caddy-srcpkg:apk/wolfi/caddypkg:apk/wolfi/caddy-manpkg:apk/wolfi/caddy-srcpkg:golang/github.com/caddyserver/caddy/v2
< 0+ 7 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.5.0-beta.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-qpm3-vr34-h8w8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-28923ghsaADVISORY
- github.com/caddyserver/caddy/commit/78b5356f2b1945a90de1ef7f2c7669d82098edbdghsaWEB
- lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerabilityghsaWEB
- pkg.go.dev/vuln/GO-2023-1567ghsaWEB
- lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/mitre
News mentions
0No linked articles in our index yet.