{"id":"CVE-2022-29718","details":"Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.","aliases":["GHSA-2927-hv3p-f3vp"],"modified":"2026-05-28T04:07:57.572748505Z","published":"2022-06-02T00:00:00Z","related":["CGA-gq2g-9v58-7884","openSUSE-SU-2022:10007-1","openSUSE-SU-2024:12132-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29718.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29718.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29718"},{"type":"FIX","url":"https://github.com/caddyserver/caddy/pull/4499"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/caddyserver/caddy","events":[{"introduced":"bc2210247861340c644d9825ac2b2860f8c6e12a"},{"fixed":"a8bb4a665af358f61a7ac0eabac8df2110cb6a36"}],"database_specific":{"cpe":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"2.4.0"},{"fixed":"2.5.0"}]}}],"versions":["v2.5.0-rc.1","v2.5.0-beta.1","v2.4.6","v2.4.5","v2.4.4","v2.4.3","v2.4.2","v2.4.1","v2.4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29718.json"}}],"schema_version":"1.7.5"}