logo

Database

Server-side request forgery (SSRF) In keycloak-connect

Description

keycloak-connect contains Open redirect vulnerability in the Node.js adapter There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-22372. NVD-2022-22373. OSV-2022-22374. GHSA-59fq-727j-hm3f5. GCVE-2022-2237

References

1. https://github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f2. https://github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c213. https://bugzilla.redhat.com/show_bug.cgi?id=2097007

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.