Cyber Resilience

CVE-2022-0869

Severity: Medium (public PoC referenced)

Published: 06 March 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: available (fixed in spirit 0.12.3)
CVSS v3.1: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.0759 (92.0th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-0869 is a medium-severity Open Redirect (CWE-601) vulnerability in Spirit-Project Spirit. Its CVSS base score is 6.1 (Medium).

Operationally, the CVE ranks in the top 8.0% of CVEs by EPSS exploit likelihood (92.0th percentile); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-0869 is an open redirect vulnerability, tracked as CWE-601, affecting Spirit (GitHub repository nitely/spirit) in versions prior to 0.12.3. The flaw received a CVSS v3.1 base score of 6.1. The advisory describes multiple open redirects, that is, more than one code path in which a redirect target taken from request input is used without being restricted to the application's own host.

An unauthenticated remote attacker exploits the issue by crafting a link to the vulnerable application whose redirect parameter points at a site under the attacker's control. A victim who follows the link first reaches the legitimate Spirit host and is then redirected to the attacker's site, which lends a phishing page or other client-side attack the apparent trust of the original domain. The CVSS vector reflects this: no privileges are required (PR:N), user interaction is required (UI:R), and the scope is changed (S:C) because the impact lands in the victim's browser rather than on the Spirit server.

The referenced GitHub commit 8f32f89654d6c30d56e0dd167059d32146fb32ef and the associated huntr.dev report document the fix that was merged to address the redirects; upgrading to spirit 0.12.3 or later picks up the corrected redirect handling.

EPSS for the CVE has remained flat at 0.0759 with no material increase after disclosure.

Vulnerability details

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.

CWE(s)

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

spirit-project
spirit
< 0.12.3 (fixed in 0.12.3)

Mitigating Controls

Likely Mitigating Controls (AI-suggested)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Security awareness (addresses CWE-601): train users to verify URLs before following them and to avoid untrusted redirects that lead to malicious sites.

- Redirect target validation (addresses CWE-601): validate redirect targets and URLs so that they conform to allowed destinations, for example only relative paths or hosts on an explicit allow-list.
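The following is an added example, not code from nitely/spirit or from the referenced fix commit. It puts the CWE-601 pattern described above (a redirect parameter passed straight through to the Location header) beside a stdlib-only validator of the kind the "validates redirect targets" control calls for. The function names, the allowed host "forum.example", and the sample inputs are all constructed for this example. The validator goes beyond a plain host comparison and covers the browser-parsing mismatches that commonly defeat naive checks: scheme-relative URLs, backslash and triple-slash variants, userinfo decoys, non-http(s) schemes, and control characters.

```python
"""Open redirect (CWE-601): an unchecked ``next`` parameter beside a hardened
check.  Stdlib-only illustration written for this page; it is not code from
nitely/spirit, and the function names and sample inputs are constructed."""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def vulnerable_redirect_target(next_param, default="/"):
    """The CWE-601 pattern: whatever the client sent becomes the Location header."""
    return next_param or default


def _host_and_scheme_allowed(url, allowed_hosts):
    # Browsers treat "///host" as an absolute URL; urlsplit does not, so reject it.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # A scheme with no authority ("javascript:alert(1)", "http:///evil.example")
    # is either a non-navigational scheme or another browser/parser mismatch.
    if parts.scheme and not parts.netloc:
        return False
    if parts.scheme and parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # .hostname strips userinfo and port, so "https://forum.example@evil.example"
    # is judged by "evil.example", not by the decoy user name.
    if parts.netloc and parts.hostname not in allowed_hosts:
        return False
    return True


def safe_redirect_target(next_param, allowed_hosts, default="/"):
    """Return ``next_param`` only if it stays on an allowed host over http(s).

    ``next_param`` is the already-decoded query value as the web framework
    hands it to the view, i.e. what the browser will see in Location.
    """
    if not next_param:
        return default
    url = next_param.strip()
    # C0 controls and DEL: header-splitting attempts and parser-confusion fodder.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return default
    # Chrome treats backslashes in a URL as slashes, so "/\evil.example" is an
    # authority to the browser; validate both the raw and the normalised form.
    normalised = url.replace("\\", "/")
    if _host_and_scheme_allowed(url, allowed_hosts) and _host_and_scheme_allowed(
        normalised, allowed_hosts
    ):
        return url
    return default


if __name__ == "__main__":
    # Constructed sample inputs; "forum.example" stands in for the real host.
    allowed = {"forum.example"}
    for candidate in ["/topic/42/", "//evil.example/", "/\\evil.example",
                      "///evil.example", "javascript:alert(1)",
                      "https://forum.example@evil.example/"]:
        print(f"{candidate!r:42} vulnerable -> "
              f"{vulnerable_redirect_target(candidate)!r:40} "
              f"safe -> {safe_redirect_target(candidate, allowed)!r}")
```

In a Django project (Spirit is one) the equivalent check is the framework's own django.utils.http.url_has_allowed_host_and_scheme(url, allowed_hosts={request.get_host()}), which applies the same set of rules; hand-rolling the validator is shown here only to make those rules visible.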
