7.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2022-0087

GHSA ID

GHSA-hrgx-7j6v-xj82

EPSS Score

0.97679%

CWE

CWE-79

Published

1/12/2022

Updated

2/3/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-0087

CVE-2022-0087: Reflected cross-site scripting (XSS) vulnerability

This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the @keystone-6/auth package.

Impact

The vulnerability can impact users of the administration user interface when following an untrusted link to the signin or init page. This is a targeted attack and may present itself in the form of phishing and or chained in conjunction with some other vulnerability.

Vulnerability mitigation

Please upgrade to @keystone-6/auth >= 1.0.2, where this vulnerability has been closed. If you are using @keystone-next/auth, we strongly recommend you upgrade to @keystone-6.

Workarounds

If for some reason you cannot upgrade the dependencies in software, you could alternatively

disable the administration user interface, or
if using a reverse-proxy, strip query parameters when accessing the administration interface

References

https://owasp.org/www-community/attacks/xss/

Thanks to Shivansh Khari (@Shivansh-Khari) for discovering and reporting this vulnerability

(GitHub Advisory)

7.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2022-0087

GHSA ID

GHSA-hrgx-7j6v-xj82

EPSS Score

0.97679%

CWE

CWE-79

Published

1/12/2022

Updated

2/3/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@keystone-6/auth	npm	< 1.0.2	1.0.2
@keystone-next/auth	npm	<= 37.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability stemmed from improper handling of the 'from' query parameter in two key areas: 1) In createAuth's redirect generation, where untrusted input was embedded in URLs without context-aware validation(). 2) In page components that directly consumed the 'from' parameter without sanitization. The fix introduced validation checks (pathname === '/' condition) and a useRedirect hook to sanitize the parameter, confirming the original vulnerability existed in these parameter handling paths. The XSS exploit would occur when malicious 'from' values were reflected in admin UI responses without proper escaping.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is s**urity **visory r*l*t*s to * **p**ility *or *n *tt**k*r to *xploit * r**l**t** *ross-sit* s*riptin* vuln*r**ility w**n usin* t** `@k*yston*-*/*ut*` p**k***. #### Imp**t T** vuln*r**ility **n imp**t us*rs o* t** **ministr*tion us*r int*r**** w

Reasoning

T** *or* vuln*r**ility st*mm** *rom improp*r **n*lin* o* t** '*rom' qu*ry p*r*m*t*r in two k*y *r**s: *) In `*r**t**ut*`'s r**ir**t **n*r*tion, w**r* untrust** input w*s *m****** in URLs wit*out *ont*xt-*w*r* `v*li**tion()`. *) In p*** *ompon*nts t**

7.1

Basic Information

Concerned about an active attack path?

CVE-2022-0087: Reflected cross-site scripting (XSS) vulnerability

Impact

Vulnerability mitigation

Workarounds

References

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI