.. _vulnerabilityManagement_skip_registry_33x_CVE-2022-0869:

CVE-2022-0869
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Data: 2022-11-14

Severity: Medium

CVSS Score:  6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Riferimenti: `https://nvd.nist.gov/vuln/detail/CVE-2022-0869 <https://nvd.nist.gov/vuln/detail/CVE-2022-0869>`_

Libreria: commons-discovery:commons-discovery 0.5

**Descrizione**

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.

**Falso Positivo per GovWay**

Non risultano vulnerabilità note relative alla libreria commons-discovery (`verifica effettuata tramite sonatype <https://ossindex.sonatype.org/component/pkg:maven/commons-discovery/commons-discovery@0.5>`_).

Viene descrito come un falso positivo anche nell'issuer `Issue 4644 <https://github.com/jeremylong/DependencyCheck/issues/4644>`_ del plugin OWASP Dependency-Check.

Configuration File: `false-positive.xml <https://raw.githubusercontent.com/link-it/govway/master/mvn/dependencies/owasp/falsePositives/commons-discovery.xml>`_