GMS-2023-8: Duplicate of ./npm/@okta/oidc-middleware/CVE-2022-3145.yml
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.
Affected products and versions Okta OIDC Middleware prior to version 5.0.0.
Resolution The vulnerability is fixed in OIDC Middleware 5.0.0. To remediate this vulnerability, upgrade Okta OIDC Middleware to this version or later.
CVE details CVE ID: CVE-2022-3145 Published Date: 01/05/2023 Vulnerability Type: Open Redirect CWE: CWE-601 CVSS v3.1 Score: 4.3 Severity: Medium Vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity Details To exploit this issue, an attacker would need to send a victim a malformed URL containing a target server that they control. Once a user successfully completed the login process, the victim user would then be redirected to the attacker controlled site.
References https://github.com/okta/okta-oidc-middleware
References
Detect and mitigate GMS-2023-8 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →