CVE-2022-45582

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

*Credits: N/A

CVSS Scores

NISTv3.1 6.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-21 CVE Reserved
2023-08-22 CVE Published
2024-08-03 CVE Updated
2024-09-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CAPEC

References (4)

URL	Tag	Source
https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102	Issue Tracking
https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://bugs.launchpad.net/horizon/+bug/1982676	2023-12-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Horizon Search vendor "Openstack" for product "Horizon"				>= 19.4.0 <= 20.1.4 Search vendor "Openstack" for product "Horizon" and version " >= 19.4.0 <= 20.1.4"		-		Affected