CVE-2022-23798 - OpenCVE

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Joomla	Joomla\!

Configuration 1 [-]

OR	cpe:2.3:a:joomla:joomla\!::::::::
	cpe:2.3:a:joomla:joomla\!::::::::

References

Link	Resource
https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Joomla

Published: 2022-03-29T00:00:00

Updated: 2022-12-22T11:55:51.566Z

Reserved: 2022-01-20T00:00:00

Link: CVE-2022-23798

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-30T16:15:11.657

Modified: 2022-04-05T12:19:23.680

Link: CVE-2022-23798

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"containers": {"cna": {"affected": [{"product": "Joomla! CMS", "vendor": "Joomla! Project", "versions": [{"status": "affected", "version": "2.5.0-3.10.6 & 4.0.0-4.1.0"}]}], "datePublic": "2022-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not."}], "problemTypes": [{"descriptions": [{"description": "Open redirect", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2022-12-22T11:55:51.566Z"}, "references": [{"tags": ["x_refsource_MISC", "vendor-advisory"], "url": "https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html"}], "title": "[20220306] - Core - Inadequate validation of internal URLs", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@joomla.org", "DATE_PUBLIC": "2022-03-29T18:00:00", "ID": "CVE-2022-23798", "STATE": "PUBLIC", "TITLE": "[20220306] - Core - Inadequate validation of internal URLs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Joomla! CMS", "version": {"version_data": [{"version_value": "2.5.0-3.10.6 & 4.0.0-4.1.0"}]}}]}, "vendor_name": "Joomla! Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Open redirect"}]}]}, "references": {"reference_data": [{"name": "https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html", "refsource": "MISC", "url": "https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html"}]}}}}, "cveMetadata": {"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "assignerShortName": "Joomla", "cveId": "CVE-2022-23798", "datePublished": "2022-03-29T00:00:00", "dateReserved": "2022-01-20T00:00:00", "dateUpdated": "2022-12-22T11:55:51.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "50612B35-8FF4-4F15-A64D-48BFDE1D88D7", "versionEndIncluding": "3.10.6", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E200A2-6A45-47D7-B75E-5BD5F1B5778F", "versionEndIncluding": "4.1.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not."}, {"lang": "es", "value": "Se ha detectado un problema en Joomla! Versiones 2.5.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. Una comprobaci\u00f3n inapropiada de las URLs podr\u00eda resultar en una comprobaci\u00f3n no v\u00e1lida de si una URL de redireccionamiento es interna o no"}], "id": "CVE-2022-23798", "lastModified": "2022-04-05T12:19:23.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-30T16:15:11.657", "references": [{"source": "security@joomla.org", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html"}], "sourceIdentifier": "security@joomla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}