Vulnerability Details: CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign-on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch-all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login, because the original URL reported by the Express framework is not properly sanitized before being used as the post-login return location. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds.
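The defect described above, as an added example that is not code from express-openid-connect: the vulnerable pattern that hands the raw original URL straight to the post-login redirect, beside a check that keeps the return location on the app's own origin. It assumes the app's base URL is known (a constructed `https://example.com`, matching the advisory) and goes a little beyond the advisory's `//host` case by also rejecting backslash, absolute-URL and non-HTTP forms, since a browser resolves those off-site as well.

```javascript
// Added example (not the library's own code). The app's own origin is
// assumed to be configured; this constructed value mirrors the advisory.
const BASE_URL = 'https://example.com';

// The vulnerable pattern from the advisory: whatever Express reports as the
// original URL (e.g. "//google.com") becomes the redirect target after login.
function vulnerableReturnTo(originalUrl) {
  return originalUrl;
}

// Reduce an Express req.originalUrl to a same-origin path, or '/' if it
// would leave the site. Parsing the value against the app's base URL
// resolves protocol-relative ("//host"), backslash ("/\host"), absolute
// and scheme-only forms the same way a browser would, so a plain origin
// comparison is enough to catch all of them.
function safeReturnTo(originalUrl, baseUrl = BASE_URL) {
  const base = new URL(baseUrl);
  let target;
  try {
    target = new URL(originalUrl, base);
  } catch {
    return '/'; // unparsable input: fall back to the site root
  }
  if (target.origin !== base.origin) {
    return '/'; // would redirect off-site (or to a "null" origin)
  }
  // Re-emit only path, query and fragment; never the caller's scheme/host.
  return target.pathname + target.search + target.hash;
}

// Constructed request paths, including the advisory's "//google.com" case.
const samples = ['/dashboard?tab=1', '//google.com', '/\\google.com', 'https://google.com/x'];
for (const s of samples) {
  console.log(`${s} -> vulnerable: ${vulnerableReturnTo(s)} | hardened: ${safeReturnTo(s)}`);
}
```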
Vulnerability category: Open redirect
Products affected by CVE-2022-24794
- cpe:2.3:a:auth0:express_openid_connect:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24794
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~28% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2022-24794
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N | 2.2 | 4.7 | GitHub, Inc. | |
CWE ids for CVE-2022-24794
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. (Assigned by: security-advisories@github.com (Primary))
References for CVE-2022-24794
- https://github.com/auth0/express-openid-connect/commit/0947b92164a2c5f661ebcc183d37e7f21de719ad (Merge pull request from GHSA-7p99-3798-f85c · auth0/express-openid-connect@0947b92 · GitHub): Patch; Third Party Advisory
- https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7p99-3798-f85c (URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect · Advisory · auth0/express-openid-connect · GitHub): Third Party Advisory