{ "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2022-10-05T13:45:00.000Z", "ID": "CVE-2022-25799", "STATE": "PUBLIC", "TITLE": "An open redirect vulnerability exists in CERT/CC VINCE software prior to version 1.50.0" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VINCE - The Vulnerability Information and Coordination Environment ", "version": { "version_data": [ { "version_affected": "<", "version_name": "1.50.0", "version_value": "1.50.0" } ] } } ] }, "vendor_name": "CERT/CC" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Leitschuh discovered and reported this security vulnerability to CERT/CC " } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')" } ] } ] }, "references": { "reference_data": [ { "name": "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "refsource": "MISC", "url": "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html" }, { "refsource": "MISC", "url": "https://github.com/CERTCC/VINCE/issues/45", "name": "https://github.com/CERTCC/VINCE/issues/45" } ] }, "source": { "discovery": "EXTERNAL" } }