CVE-2022-29718

NameCVE-2022-29718
DescriptionCaddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
caddy (PTS)bookworm2.6.2-5fixed
sid, trixie2.6.2-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
caddysource(unstable)(not affected)

Notes

- caddy <not-affected> (Fixed before initial upload to Debian to unstable; did affect experimental upload)
https://github.com/caddyserver/caddy/pull/4499
https://github.com/caddyserver/caddy/commit/3fe2c73dd04f7769a9d9673236cb94b79ac45659 (v2.5.0-beta.1)

Search for package or bug name: Reporting problems