PT-2023-13036 · Okta · Okta Oidc Middleware

Jviding

Publicado

2023-01-09

Atualizado

2025-04-08

CVE-2022-3145

CVSS v3.1

4.7

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Okta OIDC Middleware versions prior to 5.0.0

Description An open redirect issue exists, allowing an attacker to redirect a user to an arbitrary URL. To exploit this, an attacker would need to send a victim a malformed URL containing a target server that they control. Once a user successfully completed the login process, the victim user would then be redirected to the attacker-controlled site.

Recommendations For Okta OIDC Middleware versions prior to 5.0.0, upgrade to version 5.0.0 or later to remediate this issue.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2022-3145

GHSA-58H4-9M7M-J9M4

Produtos afetados

Okta Oidc Middleware

PT-2023-13036 · Okta · Okta Oidc Middleware

CVE-2022-3145

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10