GMS-2023-8: Duplicate of ./npm/@okta/oidc-middleware/CVE-2022-3145.yml

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

Affected products and versions Okta OIDC Middleware prior to version 5.0.0.

Resolution The vulnerability is fixed in OIDC Middleware 5.0.0. To remediate this vulnerability, upgrade Okta OIDC Middleware to this version or later.

CVE details CVE ID: CVE-2022-3145 Published Date: 01/05/2023 Vulnerability Type: Open Redirect CWE: CWE-601 CVSS v3.1 Score: 4.3 Severity: Medium Vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity Details To exploit this issue, an attacker would need to send a victim a malformed URL containing a target server that they control. Once a user successfully completed the login process, the victim user would then be redirected to the attacker controlled site.

References https://github.com/okta/okta-oidc-middleware