Vulnerability Description
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cert | Vince | < 1.50.0 |
Related Weaknesses (CWE)
References
- https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_ForwardExploitThird Party Advisory
- https://github.com/CERTCC/VINCE/issues/45Issue TrackingThird Party Advisory
- https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_ForwardExploitThird Party Advisory
- https://github.com/CERTCC/VINCE/issues/45Issue TrackingThird Party Advisory
FAQ
What is CVE-2022-25799?
CVE-2022-25799 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authent...
How severe is CVE-2022-25799?
CVE-2022-25799 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25799?
Check the references section above for vendor advisories and patch information. Affected products include: Cert Vince.