CVE-2022-3145

@okta/oidc-middleware Open Redirect vulnerability

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0, allowing an attacker to redirect a user to an arbitrary URL.

**Affected products and versions**
Okta OIDC Middleware prior to version 5.0.0.

**Resolution**
The vulnerability is fixed in OIDC Middleware 5.0.0. To remediate this vulnerability, upgrade Okta OIDC Middleware to this version or later.

**CVE details**
**CVE ID:** [CVE-2022-3145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3145)
**Published Date:** 01/05/2023
**Vulnerability Type:** Open Redirect
**CWE:** CWE-601
**CVSS v3.1 Score:** 4.3
**Severity:** Medium
**Vector string:** AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

**Severity Details**
To exploit this issue, an attacker would need to send a victim a malformed URL containing a target server that they control. Once the user successfully completed the login process, the victim would then be redirected to the attacker-controlled site.

**References**
https://github.com/okta/okta-oidc-middleware
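The defensive counterpart to CWE-601 in a post-login redirect handler, as an added example that is not part of this advisory and not code from the okta-oidc-middleware project: the requested return location is accepted only when it resolves to a path on the application's own origin, and anything else falls back to a fixed default. The origin `https://app.example`, the function names `safeRedirectTarget` and `finishLogin`, the `returnTo` query parameter and the Express-style `req`/`res` shape are assumptions for illustration. Protocol-relative (`//host`), backslash (`/\host`), absolute-URL and credential-embedding forms all resolve to a foreign or null origin under the WHATWG URL parser and are rejected by the single origin comparison.

```javascript
// Added example (not the advisory's or the okta-oidc-middleware project's code).
// Assumed application origin: every accepted redirect must resolve to this origin.
const APP_ORIGIN = 'https://app.example';

// Returns a same-origin, path-only redirect target derived from `requested`,
// or `fallback` when the input would send the browser off the application.
function safeRedirectTarget(requested, fallback = '/') {
  if (typeof requested !== 'string' || requested.length === 0) return fallback;

  let url;
  try {
    // Relative inputs resolve against APP_ORIGIN; absolute inputs keep their own origin.
    url = new URL(requested, APP_ORIGIN);
  } catch {
    return fallback; // unparseable input
  }

  // '//evil.example', '/\\evil.example', 'https://evil.example', 'javascript:...'
  // and 'https://app.example@evil.example' all end up with an origin other than
  // APP_ORIGIN (or the opaque origin 'null') and are rejected here.
  if (url.origin !== APP_ORIGIN) return fallback;

  // Re-emit only path, query and fragment so the Location value is always relative.
  return url.pathname + url.search + url.hash;
}

// Hypothetical post-login handler showing the validated value being used in
// place of the raw query parameter (Express-style req/res assumed).
function finishLogin(req, res) {
  const target = safeRedirectTarget(req.query.returnTo);
  res.redirect(302, target);
}

// Constructed inputs for a stand-alone run.
const samples = [
  '/dashboard?tab=1',
  '//evil.example/',
  '/\\evil.example/',
  'https://evil.example/x',
  'https://app.example@evil.example/',
  'javascript:alert(1)',
  'https://app.example/ok#frag',
  undefined,
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

The check deliberately compares the parsed `origin` rather than inspecting the first characters of the string, because string prefix checks miss parser normalisations such as the backslash form; returning only `pathname + search + hash` additionally guarantees the emitted redirect can never carry a scheme or host, whatever the parser produced.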

Vulnerability Details
**Score:** 4.6
**Score Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
**Affected Versions:** @okta/oidc-middleware < 5.0.0
**Severity:** Medium
**Ecosystem:** JavaScript
**Publish Date:** January 9, 2023
**Modified Date:** November 7, 2023