GMS-2023-578: keycloak-connect contains Open redirect vulnerability in the Node.js adapter

March 27, 2023 (updated December 20, 2023)

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none.

References

github.com/advisories/GHSA-59fq-727j-hm3f
github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21
github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f

Code Behaviors & Features

Detect and mitigate GMS-2023-578 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →