CVE-2022-28923: URL Redirection to Untrusted Site ('Open Redirect')

February 6, 2023 (updated February 14, 2023)

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

References

lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/
nvd.nist.gov/vuln/detail/CVE-2022-28923

Code Behaviors & Features

Detect and mitigate CVE-2022-28923 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →