VDB
CVE-2022-28923
CVE-2022-28923
PUBLISHED
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
EPSS 3.24% · 87.4th percentile
Risk Scores
EPSS Score
3.24%
87.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| caddyserver | caddy | 2.4.6 |
| github.com | caddyserver/caddy/v2 | 0 |
Timeline
- Feb 6, 2023 CVE Published
- Feb 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 26, 2025 CVE Updated
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 15, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
References
- https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-28923 advisory
- https://github.com/caddyserver/caddy/commit/78b5356f2b1945a90de1ef7f2c7669d82098edbd url
- https://github.com/caddyserver/caddy package
- https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability url
- https://pkg.go.dev/vuln/GO-2023-1567 url