CVE-2022-23078

Published Jun 22, 2022

Last updated a year ago

CVSS info 5.8

Overview

Description: In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
Source: vulnerabilitylab@mend.io
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

vulnerabilitylab@mend.io: CWE-601

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:habitica:habitica:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D35F7004-7C02-47B0-892B-9CA4AD2CA2D3",
            "versionEndExcluding": "4.233.0",
            "versionStartIncluding": "4.119.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2022-23078
https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f
https://www.mend.io/vulnerability-database/CVE-2022-23078

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References