CVE-2022-25295 - Vulnerability Details - OpenCVE

This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00202.

Key SSVC decision points have not yet been added.

Vendors	Products
Getgophish	Gophish

Configuration 1 [-]

cpe:2.3:a:getgophish:gophish:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-6843	This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com.
Github GHSA	GHSA-hvw3-p9px-gpc9	Gophish before 0.12.0 vulnerable to Open Redirect

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/gophish/gophish/pull/2262
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-09-11T13:45:20.564802Z

Updated: 2024-09-16T17:29:06.682Z

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-25295

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-11T14:15:08.803

Modified: 2024-11-21T06:51:56.737

Link: CVE-2022-25295

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "github.com/gophish/gophish", "vendor": "n/a", "versions": [{"lessThan": "0.12.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Snyk Security Team"}], "datePublic": "2022-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue(\"next\")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Open Redirect", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-11T13:45:20", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gophish/gophish/pull/2262"}], "title": "Open Redirect", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-09-11T13:42:52.981006Z", "ID": "CVE-2022-25295", "STATE": "PUBLIC", "TITLE": "Open Redirect"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "github.com/gophish/gophish", "version": {"version_data": [{"version_affected": "<", "version_value": "0.12.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Snyk Security Team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue(\"next\")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Open Redirect"}]}]}, "references": {"reference_data": [{"name": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177", "refsource": "MISC", "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"}, {"name": "https://github.com/gophish/gophish/pull/2262", "refsource": "MISC", "url": "https://github.com/gophish/gophish/pull/2262"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.652Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gophish/gophish/pull/2262"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25295", "datePublished": "2022-09-11T13:45:20.564802Z", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-09-16T17:29:06.682Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getgophish:gophish:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EDBA099-F9CD-4C73-9EA4-AF188E8F26DA", "versionEndExcluding": "0.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue(\"next\")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com."}, {"lang": "es", "value": "Esto afecta al paquete github.com/gophish/gophish versiones anteriores a 0.12.0. Una vulnerabilidad de Redireccionamiento Abierto se presenta en el siguiente par\u00e1metro de consulta. La aplicaci\u00f3n usa url.Parse(r.FormValue(\"next\")) para extraer la ruta y eventualmente redirigir al usuario a una URL relativa, pero si el par\u00e1metro next comienza con m\u00faltiples barras invertidas como \\\\\\\\\\\\example.com, el navegador redirigir\u00e1 al usuario a http://example.com"}], "id": "CVE-2022-25295", "lastModified": "2024-11-21T06:51:56.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-11T14:15:08.803", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gophish/gophish/pull/2262"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gophish/gophish/pull/2262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}