CVE-2022-45169

Name
CVE-2022-45169
Description
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://www.gruppotim.it/it/footer/red-team.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:* | vdesk | >= None | <= v031 |
| cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:* | vdesk | >= None | <= 031 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| vdesk | edge-community | 1.2-r1 | ScrumpyJack <scrumpyjack@st.ilet.to> | possibly vulnerable |
| vdesk | 3.19-community | 1.2-r1 | ScrumpyJack <scrumpyjack@st.ilet.to> | possibly vulnerable |