{"id":"CVE-2022-23078","summary":"Habitica - Open redirect in login page","details":"In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.","modified":"2026-05-19T04:02:52.735137460Z","published":"2022-06-22T12:00:17.050Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23078.json","cwe_ids":["CWE-601"],"cna_assigner":"Mend"},"references":[{"type":"WEB","url":"https://www.mend.io/vulnerability-database/CVE-2022-23078"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23078.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23078"},{"type":"FIX","url":"https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/habitrpg/habitica","events":[{"introduced":"bfc84be6903b8dedb5b1de9df76159b8910c00fa"},{"fixed":"5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"}]}],"versions":["v4.229.2","v4.229.1","v4.229.0","v4.228.4","v4.228.3","v4.228.2","v4.228.1","v4.228.0","v4.227.0","v4.221.0","v4.217.0","v4.216.0","v4.215.1","v4.215.0","v4.214.6","v4.214.5","v4.213.0","v4.212.2","v4.212.1","v4.212.0","v4.211.8","v4.211.7","v4.211.6","v4.211.5","v4.211.4","v4.211.3","v4.210.1","v4.210.0","v4.209.0","v4.208.2","v4.202.0","v4.201.1","v4.201.0","v4.200.0","v4.199.1","v4.199.0","v4.198.2","v4.198.1","v4.198.0","v4.197.2","v4.197.1","v4.197.0","v4.196.1","v4.196.0","v4.195.0","v4.194.0","v4.193.0","v4.192.2","v4.192.1","v4.192.0","v4.191.0","v4.190.1","v4.190.0","v4.189.2","v4.189.1","v4.189.0","v4.188.4","v4.188.3","v4.188.2","v4.188.1","v4.188.0","v4.187.0","v4.186.0","v4.185.0","v4.184.3","v4.184.2","v4.184.1","v4.184.0","v4.183.1","v4.183.0","v4.182.0","v4.181.3","v4.181.2","v4.178.3","v4.178.2","v4.178.1","v4.178.0","v4.177.0","v4.176.0","v4.175.8","v4.175.7","v4.175.6","v4.175.5","v4.175.4","v4.175.3","v4.175.2","v4.175.1","v4.175.0","v4.167.0","v4.158.0","v4.157.1","v4.156.2","v4.156.1","v4.156.0","v4.155.2","v4.155.1","v4.154.1","v4.153.1","v4.152.1","v4.152.0","v4.151.5","v4.151.4","v4.151.3","v4.151.1","v4.151.0","v4.150.0","v4.149.3","v4.149.2","v4.149.1","v4.149.0","v4.148.3","v4.148.2","v4.148.1","v4.148.0","v4.147.3","v4.147.2","v4.146.6","v4.143.3","v4.143.2","v4.143.1","v4.143.0","v4.142.3","v4.142.2","v4.142.1","v4.142.0","v4.141.4","v4.141.3","v4.141.2","v4.141.1","v4.140.13","v4.140.12","v4.140.11","v4.140.10","v4.140.9","v4.140.4","v4.140.3","v4.140.2","v4.140.1","v4.140.0","v4.139.0","v4.138.6","v4.138.5","v4.138.4","v4.138.3","v4.138.2","v4.138.1","v4.136.3","v4.134.4","v4.134.3","v4.134.2","v4.134.1","v4.133.0","v4.132.2","v4.131.0","v4.130.2","v4.129.4","v4.129.2","v4.129.0","v4.129.1","v4.128.3","v4.128.2","v4.128.1","v4.128.0","v4.127.4","v4.127.3","v4.127.2","v4.127.1","v4.127.0","v4.126.1","v4.126.0","v4.125.0","v4.124.1","v4.124.0","v4.123.0","v4.122.0","v4.121.1","v4.121.0","v4.120.2","v4.120.1","v4.119.1","v4.119.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23078.json"}}],"schema_version":"1.7.5"}