CVE-2022-45169: 
Linux Alpine vulnerability analysis and mitigation

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) vulnerability exists under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link (NVD).

The vulnerability is classified as a URL Redirection to Untrusted Site (Open Redirect) issue, identified as CWE-601. The CVSS v3.1 base score is 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability affects the notification system endpoint and requires user authentication to exploit (NVD).

The vulnerability allows authenticated users to send push notifications containing hidden clickable links to other users of the system. This could be exploited for phishing attacks by redirecting users to malicious websites while appearing to come from a trusted source (NVD).

Users should upgrade to a version newer than vDesk v031. Until an upgrade is possible, administrators should monitor and restrict access to the notification endpoint and implement additional validation for notification links (NVD).