Lucene search
Veracode Vulnerability DatabaseVERACODE:39584HistoryMar 08, 2023 - 3:54 a.m.
Open Redirect
2023-03-0803:54:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
keycloak-connect
open redirect
vulnerability
check-sso.js
malicious urls
query parameters
EPSS
0.001
Percentile
31.3%
keycloak-connect is vulnerable to Open Redirect. The vulnerability exists in the module.exports function of the check-sso.js as it does not properly escape the slashes in the cleanUrl attribute, allowing an attacker to redirect the user to malicious urls with query param prompt=none when checking SSO.
Related
osv
osv
CVE-2022-2237
2023-03-27 22:15:11
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
2023-03-02 23:21:02
cvelist
cvelist
CVE-2022-2237
2023-03-27 00:00:00
redhatcve
redhatcve
CVE-2022-2237
2023-03-01 13:59:36
github
github
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
2023-03-02 23:21:02
prion
prion
Open redirect
2023-03-27 22:15:00
nvd
nvd
CVE-2022-2237
2023-03-27 22:15:11
cve
cve
CVE-2022-2237
2023-03-27 22:15:11
redhat
redhat
(RHSA-2023:1049) Important: Red Hat Single Sign-On 7.6.2 security update
2023-03-01 21:56:34