Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS01OGg0LTltN20tajltNM4AAw0w

@okta/oidc-middlewareOpen Redirect vulnerability

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

Affected products and versions
Okta OIDC Middleware prior to version 5.0.0.

Resolution
The vulnerability is fixed in OIDC Middleware 5.0.0. To remediate this vulnerability, upgrade Okta OIDC Middleware to this version or later.

CVE details
CVE ID: CVE-2022-3145
Published Date: 01/05/2023
Vulnerability Type: Open Redirect
CWE: CWE-601
CVSS v3.1 Score: 4.3
Severity: Medium
Vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity Details
To exploit this issue, an attacker would need to send a victim a malformed URL containing a target server that they control. Once a user successfully completed the login process, the victim user would then be redirected to the attacker controlled site.

References
https://github.com/okta/okta-oidc-middleware

Permalink: https://github.com/advisories/GHSA-58h4-9m7m-j9m4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01OGg0LTltN20tajltNM4AAw0w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago

CVSS Score: 4.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Identifiers: GHSA-58h4-9m7m-j9m4, CVE-2022-3145
References:

• https://github.com/okta/okta-oidc-middleware/security/advisories/GHSA-58h4-9m7m-j9m4
• https://github.com/okta/okta-oidc-middleware/commit/5d10b3ccdd5d6893de4d8b58696094267d30c113
• https://nvd.nist.gov/vuln/detail/CVE-2022-3145
• https://github.com/advisories/GHSA-58h4-9m7m-j9m4

Repository: https://github.com/okta/okta-oidc-middleware
Blast Radius: 11.9

Affected Packages