Skip to content
Nuclei Templates

RStudio Connect - Open Redirect

ID: CVE-2022-38131

Severity: medium

Author: xxcdd

Tags: tenable,cve,cve2022,redirect,rstudio

Description

Section titled “Description”

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.

YAML Source

Section titled “YAML Source”
id: CVE-2022-38131


info:
  name: RStudio Connect - Open Redirect
  author: xxcdd
  severity: medium
  description: |
    RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
  impact: |
    An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
  remediation: |
    This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
  reference:
    - https://tenable.com/security/research/tra-2022-30
    - https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
    - https://github.com/JoshuaMart/JoshuaMart
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-38131
    cwe-id: CWE-601
    epss-score: 0.001
    epss-percentile: 0.41301
    cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: rstudio
    product: connect
    shodan-query:
      - "http.favicon.hash:217119619"
      - http.title:"openvpn connect"
    fofa-query:
      - "app=\"RStudio-Connect\""
      - title="openvpn connect"
    google-query: intitle:"openvpn connect"
  tags: tenable,cve,cve2022,redirect,rstudio


http:
  - raw:
      - |
        GET //%5coast.me HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$'


      - type: status
        status:
          - 307
# digest: 4a0a0047304502201abd1a3b5a9590712aad3f160c02ccd727610bc23fa4933b4623367e1f85c4b502210084c18e5c24f36f138b461e0037f1ba0cfca733cfe5e6574b20a009a6a8675512:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-38131.yaml"

View on Github