Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/
Created caddy tracking bugs for this issue:

Affects: epel-7 [bug 2167573]
Affects: fedora-all [bug 2167572]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28923