Lucene search

Veracode Vulnerability DatabaseVERACODE:40921

HistoryJun 16, 2023 - 4:39 a.m.

Open Redirect

2023-06-1604:39:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

@keystone-6/auth is vulnerable to Open Redirect. The vulnerability exists due to improper path sanitization which can result in users being redirected to domains other than the relative host by bypassing the / filter.

CPENameOperatorVersion
@keystone-6/authle7.0.0
@keystone-6/authle7.0.0

CPE	Name	Operator	Version
	@keystone-6/auth	le	7.0.0
	@keystone-6/auth	le	7.0.0

References

github.com/keystonejs/keystone/commit/a30c7a1630a670eb814e015254c7ae608500b2d8

github.com/keystonejs/keystone/pull/8626

github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for VERACODE:40921