{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-25799", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "datePublished": "2022-08-16T22:00:15.993Z", "dateUpdated": "2024-09-17T02:06:51.198Z", "dateReserved": "2022-02-22T00:00:00.000Z"}, "containers": {"cna": {"title": "An open redirect vulnerability exists in CERT/CC VINCE software prior to version 1.50.0", "datePublic": "2022-10-05T00:00:00.000Z", "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2022-10-06T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials."}], "affected": [{"vendor": "CERT/CC", "product": "VINCE - The Vulnerability Information and Coordination Environment", "versions": [{"version": "1.50.0", "status": "affected", "lessThan": "1.50.0", "versionType": "custom"}]}], "references": [{"url": "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html"}, {"url": "https://github.com/CERTCC/VINCE/issues/45"}], "credits": [{"lang": "en", "value": "Jonathan Leitschuh discovered and reported this security vulnerability to CERT/CC"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "cweId": "CWE-601"}]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.465Z"}, "title": "CVE Program Container", "references": [{"url": "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "tags": ["x_transferred"]}, {"url": "https://github.com/CERTCC/VINCE/issues/45", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cert:vince:*:*:*:*:*:*:*:*", "matchCriteriaId": "996A047E-B6BD-4CA2-AFFE-25FD35000D66", "versionEndExcluding": "1.50.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials."}, {"lang": "es", "value": "Existe una vulnerabilidad de redirecci\u00f3n abierta en el software CERT/CC VINCE anterior a la versi\u00f3n 1.50.0. Un atacante podr\u00eda enviar un enlace con una URL especialmente dise\u00f1ada y convencer al usuario de que haga clic en el enlace. Cuando un usuario autenticado hace clic en el enlace, el navegador del usuario autenticado podr\u00eda ser redirigido a un sitio malicioso que est\u00e1 dise\u00f1ado para hacerse pasar por un sitio web leg\u00edtimo. El atacante podr\u00eda enga\u00f1ar al usuario y potencialmente adquirir informaci\u00f3n sensible como las credenciales del usuario"}], "id": "CVE-2022-25799", "lastModified": "2024-11-21T06:53:01.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-16T22:15:08.147", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html"}, {"source": "cret@cert.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/CERTCC/VINCE/issues/45"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/CERTCC/VINCE/issues/45"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}