FKIE_CVE-2022-31093

Vulnerability from fkie_nvd - Published: 2022-06-27 22:15 - Updated: 2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.
References
security-advisories@github.comhttps://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432Mitigation, Third Party Advisory
security-advisories@github.comhttps://next-auth.js.org/configuration/initialization#advanced-initializationVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://next-auth.js.org/configuration/initialization#advanced-initializationVendor Advisory
Impacted products
Vendor Product Version
nextauth.js next-auth *
nextauth.js next-auth *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "9433E695-3D8D-4D49-B349-C3C68F013FEE",
              "versionEndExcluding": "3.29.5",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "6D08EEB4-7815-4127-B2CA-BE4B4258D8CD",
              "versionEndExcluding": "4.5.0",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more."
    },
    {
      "lang": "es",
      "value": "NextAuth.js es una soluci\u00f3n completa de autenticaci\u00f3n de c\u00f3digo abierto para aplicaciones Next.js. En las versiones afectadas, un atacante puede enviar una petici\u00f3n a una aplicaci\u00f3n usando NextAuth.js con un par\u00e1metro de consulta \"callbackUrl\" no v\u00e1lido, que internamente es convertido en un objeto \"URL\". La instanciaci\u00f3n de la URL fallaba debido a que era pasada una URL malformada al constructor, lo que causaba que fuera lanzado un error no manejado que conllevaba a que el **manejador de rutas de la API se desconectara y el inicio de sesi\u00f3n fallara**. Esto ha sido remediado en versiones 3.29.5 y 4.5.0. Si por alguna raz\u00f3n no puedes actualizar, la mitigaci\u00f3n requiere que te apoyes en la Inicializaci\u00f3n Avanzada. Consulte la documentaci\u00f3n para obtener m\u00e1s informaci\u00f3n"
    }
  ],
  "id": "CVE-2022-31093",
  "lastModified": "2024-11-21T07:03:52.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-27T22:15:09.047",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.