Skip to main content
undefined
undefined

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

undefined

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cloud.gov Pages Fix CVE-2022-28923

March 8, 2023

On Tuesday March 7th, 2023, we received reports that cloud.gov Pages sites were susceptible to an open redirection vulnerability which could allow a nefarious actor to redirect users to phishing websites via crafted URLs. You can read about the NIST CVE-2022-28923 for more information. After verifying the reports, we released an update to our proxy in the afternoon of Tuesday March 7th, 2023 to handle any nefarious URL’s with a 404 response. We also invalidated the CDN caches on customer’s production domains to remove any potentially cached redirects.