PT-2022-16883 · Unknown · Express Openid Connect
Jviding · Published 2022-03-31 · Updated 2022-04-08 · CVE-2022-24794
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Express OpenID Connect versions prior to 2.7.2
Description
The issue affects users of the requiresAuth middleware, either directly or through the default authRequired option, making them vulnerable to an Open Redirect when the middleware is applied to a catch-all route. If all routes under a domain are protected with the requiresAuth middleware, a visit to a URL like http://example.com//google.com will be redirected to google.com after login because the original URL reported by the Express framework is not properly sanitized.
Recommendations
For versions prior to 2.7.2, upgrade to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the requiresAuth middleware on catch-all routes until the upgrade is applied.
Exploit
Fix
Open Redirect
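An added example (not code from this advisory or from the express-openid-connect project) of one way to validate a post-login return target like the one in the description before redirecting to it. `safeReturnTo`, `resolvedOrigin` and `APP_BASE` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example: validate the URL a user is sent back to after login.
// safeReturnTo, resolvedOrigin and APP_BASE are hypothetical names, not library APIs.
const APP_BASE = 'http://example.com'; // assumed application origin

// Shows how a browser resolves a Location value relative to the application.
function resolvedOrigin(target, appBase = APP_BASE) {
  return new URL(target, appBase).origin;
}

// Returns a same-origin path to redirect to, or the fallback if the input is unsafe.
function safeReturnTo(originalUrl, appBase = APP_BASE, fallback = '/') {
  if (typeof originalUrl !== 'string' || originalUrl.length === 0) return fallback;
  // Backslashes and control characters can be normalised to '/' by browsers.
  if (/[\\\u0000-\u001f]/.test(originalUrl)) return fallback;
  // Must be a local path; a leading '//' is a protocol-relative URL to another host.
  if (!originalUrl.startsWith('/') || originalUrl.startsWith('//')) return fallback;
  let resolved;
  try {
    resolved = new URL(originalUrl, appBase);
  } catch {
    return fallback;
  }
  // Final check: the resolved target must stay on the application's origin.
  if (resolved.origin !== new URL(appBase).origin) return fallback;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample inputs, as req.originalUrl might report them.
const samples = ['/dashboard?tab=1', '//google.com', '/\\google.com', 'https://google.com/'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(safeReturnTo(s)));
}
```

For the advisory's URL, Express reports the original URL as `//google.com`, which `resolvedOrigin` shows resolving to a different origin than the application.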
Weakness Enumeration
Related Identifiers
Affected Products
Express Openid Connect