CVE Vulnerability

CVE-2020-26938

In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/oauthjs/node-oauth2-server/issues/637 Issue Tracking Third Party Advisory
https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12 Exploit Third Party Advisory
https://tools.ietf.org/html/rfc6749#section-3.1.2 Third Party Advisory
https://tools.ietf.org/html/rfc3986#section-3 Third Party Advisory
https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:oauth2-server_project:oauth2-server:*:*:*:*:*:node.js:*:*
Information

Published : 2022-08-29 09:15

Updated : 2022-09-07 08:15

NVD link : CVE-2020-26938

Mitre link : CVE-2020-26938

Products Affected
No products.
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')