CVE-2022-45582

2023-08-2219:16:30

Debian Security Bug Tracker

security-tracker.debian.org

open redirect

horizon web dashboard

vulnerability

success_url

cve-2022-45582

unix

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.4%

JSON

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

OSVersionArchitecturePackageVersionFilename
Debian12allhorizon< 3:23.0.0-5+deb12u1horizon_3:23.0.0-5+deb12u1_all.deb
Debian11allhorizon< 3:18.6.2-5+deb11u2horizon_3:18.6.2-5+deb11u2_all.deb
Debian999allhorizon< 3:23.1.0-3horizon_3:23.1.0-3_all.deb
Debian13allhorizon< 3:23.1.0-3horizon_3:23.1.0-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	horizon	< 3:23.0.0-5+deb12u1	horizon_3:23.0.0-5+deb12u1_all.deb
Debian	11	all	horizon	< 3:18.6.2-5+deb11u2	horizon_3:18.6.2-5+deb11u2_all.deb
Debian	999	all	horizon	< 3:23.1.0-3	horizon_3:23.1.0-3_all.deb
Debian	13	all	horizon	< 3:23.1.0-3	horizon_3:23.1.0-3_all.deb