Headline
GHSA-jqxr-vjvv-899m: @keystone-6/auth Open Redirect vulnerability
Summary
There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed.
Impact
Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location.
Mitigations
- Don’t use the
@keystone-6/authpackage
References
- CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
- OWASP: Unvalidated Redirects and Forwards Cheat Sheet
Similar Vulnerability Reports
Credits
Thanks to morioka12 for reporting this problem.
If you have any questions around this security advisory, please don’t hesitate to contact us at security@keystonejs.com, or open an issue on GitHub.
If you have a security flaw to report for any software in this repository, please see our SECURITY policy.
Summary
There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed.
Impact
Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location.
Mitigations
- Don’t use the @keystone-6/auth package
References
- CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
- OWASP: Unvalidated Redirects and Forwards Cheat Sheet
Similar Vulnerability Reports
- CVE-2023-0748
- CVE-2022-2252
Credits
Thanks to morioka12 for reporting this problem.
If you have any questions around this security advisory, please don’t hesitate to contact us at security@keystonejs.com, or open an issue on GitHub.
If you have a security flaw to report for any software in this repository, please see our SECURITY policy.
References
- GHSA-jqxr-vjvv-899m
- https://nvd.nist.gov/vuln/detail/CVE-2023-34247
- keystonejs/keystone#8626
Related news
Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package.