CVE-2023-34247: Removes redirect functionality from `/signin` page to prevent open redirection CVE by dcousens · Pull Request #8626 · keystonejs/keystone
Keystone is a content management system for Node.js. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, so attackers could use it to redirect users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the @keystone-6/auth package.
Conversation
const v5PathList = ['/tutorials’, '/guides’, '/keystonejs’, '/api’, ‘/discussions’];
export default function NotFoundPage() {
const { asPath } = useRouter();
const tryV5Link = asPath.startsWith(‘/’) && v5PathList.some(i => asPath.startsWith(i));
const tryV5Link = v5PathList.some(x => asPath.startsWith(x));
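Review bot: the `asPath.startsWith('/')` guard dropped from `tryV5Link` was redundant rather than protective: every entry in `v5PathList` already begins with `/`, so `v5PathList.some(x => asPath.startsWith(x))` implies a leading `/` on its own. Worth a one-line comment above `v5PathList` stating that invariant, since a future entry added without a leading slash would silently widen the match.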
magicAuthIssuedAt: timestamp({ …fieldConfig }),
magicAuthRedeemedAt: timestamp({ …fieldConfig }),
}
: null),
!session.listKey ||
session.listKey !== listKey ||
!session.itemId ||
!sudoContext.query[session.listKey]
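Review bot: the last condition, `!sudoContext.query[session.listKey]`, can use `listKey` directly, since `session.listKey !== listKey` has already rejected any mismatch by that point; reading `sudoContext.query[listKey]` here matches the `findOne` lookup that follows and makes it obvious the existence check and the query target the same list.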
try {
const data = await sudoContext.query[listKey].findOne({
where: { id: session.itemId as any }, // TODO: fix this
where: { id: session.itemId },
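Review bot: dropping `as any` and the `// TODO: fix this` on `where: { id: session.itemId }` is the right direction, but this hunk does not show where `session.itemId` gets a narrower type; if `session` is still typed loosely upstream, the cast has only moved rather than gone, so the `session` type should be tightened in the same change and the hunk that does so referenced in the PR description.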
Related news
### Summary

There is an open redirect in the `@keystone-6/auth` package, where the redirect leading `/` filter can be bypassed.

### Impact

Users may be redirected to domains other than the relative host, so it might be used by attackers to redirect users to an unexpected location.

### Mitigations

- Don't use the `@keystone-6/auth` package

### References

- [CWE-601: URL Redirection to Untrusted Site ('Open Redirect')](https://cwe.mitre.org/data/definitions/601.html)
- [OWASP: Unvalidated Redirects and Forwards Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)

#### Similar Vulnerability Reports

- [CVE-2023-0748](https://nvd.nist.gov/vuln/detail/CVE-2023-0748)
- [CVE-2022-2252](https://nvd.nist.gov/vuln/detail/CVE-2022-2252)

#### Credits

Thanks to [morioka12](https://github.com/scgajge12) for reporting this problem. If you have any questions around this security advisory, please don't hesitate to contact us at [sec...
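The weakness named in the description and in the advisory above (a redirect filter that only checks for a leading `/`) is the standard CWE-601 pattern from the referenced OWASP cheat sheet. The following is an added JavaScript example, not Keystone's code and not the change made in this PR (which removes the `/signin` redirect altogether): `weakIsLocalRedirect` reproduces a leading-slash check, while `isSafeLocalRedirect` and `resolveLocalRedirect` are assumed helper names that resolve the candidate against an assumed application origin (`APP_ORIGIN`, constructed) and accept only same-origin absolute paths. It goes beyond the page's single case by also covering the backslash and tab variants that the same-origin parse catches; all candidate targets are constructed test inputs.

```javascript
// Added example, not code from keystonejs/keystone. Shows why a leading-"/"
// check is not enough for a redirect target and what a same-origin check
// looks like. Helper names and APP_ORIGIN are assumptions for illustration.

// Constructed: the origin the application itself is served from.
const APP_ORIGIN = 'https://app.example';

// The weak filter the advisory describes: any string beginning with "/" is
// treated as a local path. Browsers resolve "//host/x" (and, for http(s),
// "/\host/x") to a different host, so this admits cross-origin targets.
function weakIsLocalRedirect(target) {
  return typeof target === 'string' && target.startsWith('/');
}

// Hardened check: require an absolute path (exactly one leading "/", not
// followed by "/" or "\"), then resolve the candidate against the app origin
// and insist that the resolved origin is unchanged. The parse step catches
// variants the string checks miss, e.g. "/<tab>/host": WHATWG URL parsing
// strips tabs and newlines before resolving, turning it into "//host".
function isSafeLocalRedirect(target, appOrigin) {
  if (typeof target !== 'string' || target.length === 0) return false;
  if (target[0] !== '/' || target[1] === '/' || target[1] === '\\') return false;
  let resolved;
  try {
    resolved = new URL(target, appOrigin);
  } catch {
    return false;
  }
  return resolved.origin === new URL(appOrigin).origin;
}

// Returns a normalised same-origin path (path + query + fragment) to redirect
// to, or `fallback` when the candidate fails the check. Re-serialising from
// the parsed URL means the value sent in Location is the one that was checked.
function resolveLocalRedirect(target, appOrigin, fallback = '/') {
  if (!isSafeLocalRedirect(target, appOrigin)) return fallback;
  const u = new URL(target, appOrigin);
  return u.pathname + u.search + u.hash;
}

// Constructed candidate targets, as a sign-in "?from=" parameter might carry.
const CANDIDATES = [
  '/dashboard',
  '/signin?from=%2Fdashboard',
  '//other.example/path',
  '/\\other.example/path',
  '/\t/other.example/path',
  'https://other.example/',
  '',
];

// Runs both checks over the candidates so the difference is visible side by side.
function compareChecks(candidates = CANDIDATES, appOrigin = APP_ORIGIN) {
  return candidates.map((t) => ({
    target: JSON.stringify(t),
    weak: weakIsLocalRedirect(t),
    safe: isSafeLocalRedirect(t, appOrigin),
    redirectTo: resolveLocalRedirect(t, appOrigin),
  }));
}

console.table(compareChecks());
```

Running the block prints a table in which the leading-slash check accepts five of the seven candidates while the same-origin check accepts only the two that really stay on `app.example`; the rejected ones all fall back to `/`.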