CVE-2022-47500

MEDIUM

Apache Helix 0.8.0-1.0.4 - Open Redirect in UI Component


Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Apache Software Foundation Apache Helix UI component. This issue affects all Apache Helix releases from 0.8.0 to 1.0.4. Solution: the forward component was removed, since it was improperly designed for UI embedding. Users should upgrade to 1.1.0 to fix this issue.

References (1)

Core References
Issue Tracking, Vendor Advisory
https://lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh

Scores

CVSS v3 6.1
EPSS 0.0274
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (2)
apache/helix 0.8.0 - 1.0.4
org.apache.helix/helix 0.8.0 - 1.1.0 (Maven)
Published Dec 19, 2022
Tracked Since Feb 18, 2026