
CVE-2022-2237: keycloak-connect contains Open redirect vulnerability in the Node.js adapter

CVSS Score: 6.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.25731%
Published: 3/2/2023
Updated: 4/4/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: keycloak-connect
Ecosystem: npm
Vulnerable Versions: < 21.0.1
First Patched Version: 21.0.1

Vulnerability Intelligence

Root Cause Analysis

The commit diff shows the vulnerability was in the URL formatting logic within check-sso.js. The unpatched code used URL.format(urlParts) to construct redirect URLs, which preserved multiple leading slashes in the request path. A path starting with '//' is therefore emitted as a scheme-relative URL, so a browser resolves it against the host named in the path rather than the application's own origin; this allowed such relative URLs to bypass the security checks and redirect to external domains. The patch explicitly addresses this by adding a regex replacement (replace(/^\/+/, '/')) to collapse leading slashes into a single slash, confirming this was the vulnerable code path. The CWE-601 classification and advisory descriptions directly match this URL validation flaw in the checkSSO flow.


WAF Protection Rules

WAF Rule

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using `checkSSO` with query param `prompt=none`.
