Posit has discovered a configuration issue with Posit (formerly RStudio) Connect that can allow open redirects in all versions of Connect, including the latest (v.2022.12.0). This issue is tracked as CVE-2022-38131. Customers running Connect v1.7.2 and later can resolve this issue as follows:
Edit the /etc/rstudio-connect/rstudio-connect.gcfg file to add URLNormalizationRedirects = false under the [Server] section as below:

[Server]
URLNormalizationRedirects = false
Save the file, and restart the
This remediation has been confirmed for Connect v1.7.2 and later. Customers running versions of Connect older than v1.7.2 should upgrade, as those versions are now out of support.
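
A check to run after making the change, as an added example (not Posit's code): it reports whether URLNormalizationRedirects is set to false inside [Server] specifically, and flags the key being absent, commented out, set to another value, or placed under a different section. The function name, the sample file contents and the case-insensitive matching of section and key names are assumptions.

```shell
#!/bin/sh
# Added example: audit a Connect config file for the remediation setting.
# Prints remediated | not-remediated | unreadable and returns 0 | 1 | 2.
check_redirect_setting() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*[;#]/ { next }                  # skip whole-line comments
        /^[ \t]*\[/ {                           # section header
            s = tolower($0)
            sub(/\].*$/, "]", s)                # drop anything after "]"
            gsub(/[ \t]/, "", s)
            in_server = (s == "[server]")
            next
        }
        in_server {
            line = $0
            sub(/[ \t]*[;#].*$/, "", line)      # strip trailing comment
            n = index(line, "=")
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = tolower(substr(line, n + 1))
            gsub(/[ \t"]/, "", key)
            gsub(/[ \t"]/, "", val)
            # keep the last assignment seen inside [Server]
            if (key == "urlnormalizationredirects") last = val
        }
        END { if (last == "false") exit 0; exit 1 }
    ' "$cfg"; then
        echo "remediated"; return 0
    fi
    echo "not-remediated"; return 1
}

# Constructed sample: the key is present, but not under [Server] where the
# advisory says to put it. [Other] is a made-up section name.
sample=$(mktemp)
printf '%s\n' '[Server]' 'Address = https://connect.example.com' \
    '[Other]' 'URLNormalizationRedirects = false' > "$sample"
check_redirect_setting "$sample" || true    # prints: not-remediated
rm -f "$sample"
```

On a real host, call `check_redirect_setting /etc/rstudio-connect/rstudio-connect.gcfg`; the check reads the file only and says nothing about whether the running service has picked up the change.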