Skip to content
Nuclei Templates

nitely/spirit 0.12.3 - Open Redirect

ID: CVE-2022-0869

Severity: medium

Author: ctflearner

Tags: cve,cve2022,huntr,redirect,nitely,spirit,spirit-project

Description

Section titled “Description”

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.

YAML Source

Section titled “YAML Source”
id: CVE-2022-0869


info:
  name: nitely/spirit 0.12.3 - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
  remediation: |
    Upgrade to a patched version of nitely/spirit to mitigate the open redirect vulnerability (CVE-2022-0869).
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0869
    - https://huntr.dev/bounties/ed335a88-f68c-4e4d-ac85-f29a51b03342
    - https://github.com/nitely/spirit/commit/8f32f89654d6c30d56e0dd167059d32146fb32ef
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0869
    cwe-id: CWE-601
    epss-score: 0.00115
    epss-percentile: 0.45018
    cpe: cpe:2.3:a:spirit-project:spirit:*:*:*:*:*:*:*:*
  metadata:
    max-request: 4
    vendor: spirit-project
    product: spirit
  tags: cve,cve2022,huntr,redirect,nitely,spirit,spirit-project


http:
  - method: GET
    path:
      - "{{BaseURL}}/user/login/?next=https%3A%2F%2Finteract.sh"
      - "{{BaseURL}}/user/logout?next=https%3A%2F%2Finteract.sh"
      - "{{BaseURL}}/user/register?next=https%3A%2F%2Finteract.sh"
      - "{{BaseURL}}/user/resend-activation?next=https%3A%2F%2Finteract.sh"


    stop-at-first-match: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 490a00463044022075778dae64ead325cd8cdacb44874e38bfe276d608600df4d80b1d7398ec1a0502207ff1e2e6a9f876d1e91222bd78b93c06b485a950de2bf81b42d022bd93302054:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0869.yaml"

View on Github