5 matches found
CVE-2022-3145
| creationtimestamp | type | source |
|---|---|---|
| 2023-01-12 22:30:44+00:00 | seen | https://t.me/cibsecurity/56449 |
| 2025-04-08 13:46:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10903... |
CVE-2022-3145
CVE-2022-3145 affects Okta OIDC Middleware before 5.0.0. The root cause is an open redirect due to insufficient validation of redirect URLs in the authentication flow (e.g., ensureAuthenticated). This enables an attacker to redirect users to arbitrary, attacker-controlled URLs after login. Remedi...
@okta/oidc-middleware Open Redirect vulnerability
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. Affected products and versions: Okta OIDC Middleware prior to version 5.0.0. Resolution: The vulnerability is fixed in OIDC Middleware 5.0.0. To remediat...
GHSA-58H4-9M7M-J9M4 @okta/oidc-middleware Open Redirect vulnerability
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. Affected products and versions: Okta OIDC Middleware prior to version 5.0.0. Resolution: The vulnerability is fixed in OIDC Middleware 5.0.0. To remediat...
@cloud-carbon-footprint/client (>=0.0.0 <=0.2.0), @financial-times/ed-tech-auth (>=1.1.0 <=1.7.0) +5 more potentially affected by CVE-2022-3145 via @okta/oidc-middleware (>=0.0.2 <=4.5.1)
@okta/oidc-middleware NPM version =0.0.2, =0.0.0, =1.1.0, =0.0.1, =1.78.0, =0.1.0, =0.3.1 Source cves: CVE-2022-3145 Source advisory: OSV:GHSA-58H4-9M7M-J9M4...