Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS03cDk5LTM3OTgtZjg1Y803ag

URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect

Impact

Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route.

If all routes under example.com are protected with the requiresAuth middleware, a visit to http://example.com//google.com will be redirected to google.com after login because the original url reported by the Express framework is not properly sanitised.

Am I affected?

You are affected by this vulnerability if you are using the requiresAuth middleware on a catch all route or the default authRequired option and express-openid-connect version <=2.7.1.

How to fix that?

Upgrade to version >=2.7.2

Will this update impact my users?

The fix provided in the patch will not affect your users.

Permalink: https://github.com/advisories/GHSA-7p99-3798-f85c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cDk5LTM3OTgtZjg1Y803ag
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Identifiers: GHSA-7p99-3798-f85c, CVE-2022-24794
References:

• https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7p99-3798-f85c
• https://github.com/auth0/express-openid-connect/commit/0947b92164a2c5f661ebcc183d37e7f21de719ad
• https://nvd.nist.gov/vuln/detail/CVE-2022-24794
• https://github.com/advisories/GHSA-7p99-3798-f85c

Repository: https://github.com/auth0/express-openid-connect
Blast Radius: 21.8

Affected Packages