CVE-2022-23078

Date: June 22, 2022

Overview

habitica versions v4.119.0 through v4.232.2 are vulnerable to an open redirect via the login page.

Details

habitica versions v4.119.0 through v4.232.2 are vulnerable to an open redirect via the login page. The login URL accepts a redirectTo query parameter, and after a user logs in successfully the application redirects them to whatever URL that parameter contains, without checking that it points back to the application's own origin. An attacker can therefore hand a victim a legitimate-looking login link that lands them on an attacker-controlled site once they have authenticated, which is the classic setup for a phishing page that imitates the application.

PoC Details

Open the login page with a redirectTo parameter pointing off-site (generally: http://localhost:8080/login?redirectTo=http%3A%2F%2Fevil.com) and log in as a valid user. After successful login, the browser is redirected to the attacker's website.

PoC Code

?redirectTo=http://evil.com
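The pattern behind this bug and the check that closes it, as an added example written for this page (not Habitica's own code). It reads a redirectTo parameter the way a login page would, first passing it through untouched (the vulnerable behaviour the advisory describes) and then restricting it to a path on the application's own origin. APP_ORIGIN is an assumption taken from the PoC URL; the sample login URLs at the bottom are constructed.

```javascript
// Added example, not Habitica's code. APP_ORIGIN is assumed from the PoC URL.
const APP_ORIGIN = 'http://localhost:8080';

function redirectParam(loginUrl) {
  return new URL(loginUrl).searchParams.get('redirectTo');
}

// Vulnerable: the decoded query value is handed to the browser as-is after
// login, so ?redirectTo=http%3A%2F%2Fevil.com sends the authenticated user off-site.
function vulnerableRedirectTarget(loginUrl) {
  return redirectParam(loginUrl) || '/';
}

// Hardened: only a path on our own origin is accepted; anything else falls
// back to a fixed same-origin landing page.
function safeRedirectTarget(loginUrl, fallback = '/') {
  const home = new URL(fallback, APP_ORIGIN).href;
  const redirectTo = redirectParam(loginUrl);
  if (!redirectTo) return home;

  // Require exactly one leading "/". Absolute URLs and "javascript:" have no
  // leading slash; "//evil.com" and "/\evil.com" are scheme-relative (the URL
  // parser treats "\" like "/" for http), so all of them are rejected here.
  if (!/^\/(?![\/\\])/.test(redirectTo)) return home;

  let resolved;
  try {
    resolved = new URL(redirectTo, APP_ORIGIN);
  } catch {
    return home;
  }
  // Defence in depth: after resolution the origin must still be ours.
  if (resolved.origin !== APP_ORIGIN) return home;

  // Return the absolute same-origin URL, not resolved.pathname: a value like
  // "/a/../..//evil.com" normalises to the pathname "//evil.com", which a
  // browser would re-read as scheme-relative if navigated to on its own.
  return resolved.href;
}

// Constructed sample login URLs; the first is the advisory's PoC.
const sampleLogins = [
  'http://localhost:8080/login?redirectTo=http%3A%2F%2Fevil.com',
  'http://localhost:8080/login?redirectTo=%2F%2Fevil.com',
  'http://localhost:8080/login?redirectTo=%2Fuser%2Fsettings%3Ftab%3D1',
];
for (const url of sampleLogins) {
  console.log(url);
  console.log('  vulnerable ->', vulnerableRedirectTarget(url));
  console.log('  hardened   ->', safeRedirectTarget(url));
}
```

Returning the resolved absolute URL rather than the bare path is deliberate: the origin check is only meaningful if the value the browser finally navigates to is the same value that was checked.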

Affected Environments

habitica versions v4.119.0-v4.232.2

Prevention

Upgrade to habitica version v4.233.0

Language: JS

Good to know:


URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Upgrade Version

Upgrade to version v4.233.0


Base Score: 6.1 (Medium), CVSS v3 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required (the victim must follow the crafted login link)
Scope (S): Changed (the redirect target is outside the vulnerable component)
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None