CVE-2022-23078

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-23078

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23078.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23078

Published

2022-06-22T12:00:17.050Z

Modified

2026-05-18T05:53:20.541887901Z

Summary

Habitica - Open redirect in login page

Details

In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23078.json",
    "cwe_ids": [
        "CWE-601"
    ],
    "cna_assigner": "Mend"
}

References

Affected packages

Git / github.com/habitrpg/habitica

Affected ranges

Type: GIT
Repo: https://github.com/habitrpg/habitica
Events: Introduced

bfc84be6903b8dedb5b1de9df76159b8910c00fa

Fixed

86068f42d4a4bc07afd40e0b11664ac6d261cca0

Affected versions

v4.*

v4.119.0

v4.119.1

v4.120.1

v4.120.2

v4.121.0

v4.121.1

v4.122.0

v4.123.0

v4.124.0

v4.124.1

v4.125.0

v4.126.0

v4.126.1

v4.127.0

v4.127.1

v4.127.2

v4.127.3

v4.127.4

v4.128.0

v4.128.1

v4.128.2

v4.128.3

v4.129.0

v4.129.1

v4.129.2

v4.129.4

v4.130.2

v4.131.0

v4.132.2

v4.133.0

v4.134.1

v4.134.2

v4.134.3

v4.134.4

v4.136.3

v4.138.1

v4.138.2

v4.138.3

v4.138.4

v4.138.5

v4.138.6

v4.139.0

v4.140.0

v4.140.1

v4.140.10

v4.140.11

v4.140.12

v4.140.13

v4.140.2

v4.140.3

v4.140.4

v4.140.9

v4.141.1

v4.141.2

v4.141.3

v4.141.4

v4.142.0

v4.142.1

v4.142.2

v4.142.3

v4.143.0

v4.143.1

v4.143.2

v4.143.3

v4.146.6

v4.147.2

v4.147.3

v4.148.0

v4.148.1

v4.148.2

v4.148.3

v4.149.0

v4.149.1

v4.149.2

v4.149.3

v4.150.0

v4.151.0

v4.151.1

v4.151.3

v4.151.4

v4.151.5

v4.152.0

v4.152.1

v4.153.1

v4.154.1

v4.155.1

v4.155.2

v4.156.0

v4.156.1

v4.156.2

v4.157.1

v4.158.0

v4.167.0

v4.175.0

v4.175.1

v4.175.2

v4.175.3

v4.175.4

v4.175.5

v4.175.6

v4.175.7

v4.175.8

v4.176.0

v4.177.0

v4.178.0

v4.178.1

v4.178.2

v4.178.3

v4.181.2

v4.181.3

v4.182.0

v4.183.0

v4.183.1

v4.184.0

v4.184.1

v4.184.2

v4.184.3

v4.185.0

v4.186.0

v4.187.0

v4.188.0

v4.188.1

v4.188.2

v4.188.3

v4.188.4

v4.189.0

v4.189.1

v4.189.2

v4.190.0

v4.190.1

v4.191.0

v4.192.0

v4.192.1

v4.192.2

v4.193.0

v4.194.0

v4.195.0

v4.196.0

v4.196.1

v4.197.0

v4.197.1

v4.197.2

v4.198.0

v4.198.1

v4.198.2

v4.199.0

v4.199.1

v4.200.0

v4.201.0

v4.201.1

v4.202.0

v4.208.2

v4.209.0

v4.210.0

v4.210.1

v4.211.3

v4.211.4

v4.211.5

v4.211.6

v4.211.7

v4.211.8

v4.212.0

v4.212.1

v4.212.2

v4.213.0

v4.214.5

v4.214.6

v4.215.0

v4.215.1

v4.216.0

v4.217.0

v4.221.0

v4.227.0

v4.228.0

v4.228.1

v4.228.2

v4.228.3

v4.228.4

v4.229.0

v4.229.1

v4.229.2

v4.232.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23078.json"