Lucene search

GitHub Advisory DatabaseGHSA-59FQ-727J-HM3F

HistoryMar 02, 2023 - 11:21 p.m.

keycloak-connect contains Open redirect vulnerability in the Node.js adapter

2023-03-0223:21:02

CWE-601

GitHub Advisory Database

github.com

108

keycloak

open redirect

vulnerability

node.js

adapter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none.

Affected configurations

Vulners

Node

keycloak-connectRange<21.0.1

VendorProductVersionCPE
*keycloak-connect*cpe:2.3:a:*:keycloak-connect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	keycloak-connect	*	cpe:2.3:a::keycloak-connect::::::::*

References

bugzilla.redhat.com/show_bug.cgi?id=2097007

github.com/advisories/GHSA-59fq-727j-hm3f

github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21

github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f

nvd.nist.gov/vuln/detail/CVE-2022-2237

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

Related for GHSA-59FQ-727J-HM3F