Cloud.gov Pages Fix CVE-2022-28923
On Tuesday March 7th, 2023, we received reports that cloud.gov Pages sites were susceptible to an open redirection vulnerability which could allow a nefarious actor to redirect users to phishing websites via crafted URLs. You can read about the NIST CVE-2022-28923 for more information. After verifying the reports, we released an update to our proxy in the afternoon of Tuesday March 7th, 2023 to handle any nefarious URL’s with a 404 response. We also invalidated the CDN caches on customer’s production domains to remove any potentially cached redirects.