GHSA-JQXR-VJVV-899M

Vulnerability from github – Published: 2023-06-14 14:54 – Updated: 2023-06-14 14:54
Summary
@keystone-6/auth Open Redirect vulnerability
Details

Summary

There is an open redirect in the @keystone-6/auth package: the check that only accepts redirect targets beginning with a leading / (intended to keep post-authentication redirects on the application's own host) can be bypassed.

Impact

Users may be redirected to a domain other than the one the application is served from, so an attacker who controls the redirect parameter can send users to an unexpected location.

Mitigations

  • Upgrade to @keystone-6/auth 7.0.0 or later, which contains the fix (keystonejs/keystone pull request 8626)
  • If you cannot upgrade, don't use the @keystone-6/auth package

References

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): https://cwe.mitre.org/data/definitions/601.html
  • OWASP: Unvalidated Redirects and Forwards Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

Similar Vulnerability Reports

  • CVE-2023-0748: https://nvd.nist.gov/vuln/detail/CVE-2023-0748
  • CVE-2022-2252: https://nvd.nist.gov/vuln/detail/CVE-2022-2252

Credits

Thanks to morioka12 for reporting this problem.

If you have any questions around this security advisory, please don't hesitate to contact us at security@keystonejs.com, or open an issue on GitHub.

If you have a security flaw to report for any software in this repository, please see our SECURITY policy.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@keystone-6/auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-34247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-14T14:54:06Z",
    "nvd_published_at": "2023-06-13T17:15:14Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThere is an open redirect in the `@keystone-6/auth` package, where the redirect leading `/` filter can be bypassed.\n\n### Impact\nUsers may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location.\n\n### Mitigations\n- Don\u0027t use the `@keystone-6/auth` package\n\n### References\n- [CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)](https://cwe.mitre.org/data/definitions/601.html)\n- [OWASP: Unvalidated Redirects and Forwards Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)\n\n#### Similar Vulnerability Reports\n- [CVE-2023-0748](https://nvd.nist.gov/vuln/detail/CVE-2023-0748)\n- [CVE-2022-2252](https://nvd.nist.gov/vuln/detail/CVE-2022-2252)\n\n#### Credits\nThanks to [morioka12](https://github.com/scgajge12) for reporting this problem.\n\nIf you have any questions around this security advisory, please don\u0027t hesitate to contact us at [security@keystonejs.com](mailto:security@keystonejs.com), or [open an issue on GitHub](https://github.com/keystonejs/keystone/issues/new/choose).\n\nIf you have a security flaw to report for any software in this repository, please see our [SECURITY policy](https://github.com/keystonejs/keystone/blob/main/SECURITY.md).\n",
  "id": "GHSA-jqxr-vjvv-899m",
  "modified": "2023-06-14T14:54:06Z",
  "published": "2023-06-14T14:54:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keystonejs/keystone/pull/8626"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keystonejs/keystone"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@keystone-6/auth Open Redirect vulnerability"
}
