CVE-2022-0087
Published 2022-01-12
CVE-2022-0087: keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Priority P3 (36) · medium 6.1 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.60% (83.4th percentile)
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keystone-6 | auth | >= 0 < 1.0.2 | 1.0.2 |
| keystone-next | auth | 0 – 37.0.0 | — |
| keystonejs | keystone | < 1.0.2 | 1.0.2 |
| keystonejs | keystonejs_keystone | >= unspecified < @keystone-6/auth@1.0.2 | @keystone-6/auth@1.0.2 |
Detection & IOCs (extracted from sources)
- Detect open redirect exploitation: look for the HTTP response header `Location: https://interact.sh` following a request carrying the `/signin?from=` parameter.
- Detect reflected XSS exploitation: look for `alert(document.cookie)` reflected in the HTTP response body from the `/signin?from=` parameter.
- The vulnerable endpoint is the login page at `/signin` with the `from=` URL parameter, which is susceptible to both open redirect and reflected XSS.
- Monitor GET requests to `/signin?from=` containing `javascript:` URI scheme payloads as an indicator of XSS exploitation attempts.
- The vulnerability is fixed in `@keystone-6/auth >= 1.0.2`; detections targeting this CVE are only relevant against unpatched instances running versions below this threshold.
- The nuclei template uses two separate matchers (AND condition): one checks the response header for the redirect Location, the other checks the response body for the XSS payload reflection; both must match for a confirmed positive.
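The checks the notes above describe, as an added example that is not from the advisory, Keystone, or the Nuclei template: it decides whether a `from` value is a safe same-origin path (the same test an application would apply before redirecting) and runs that check over a constructed access-log format (method, path, status, Location) that is an assumption here.

```python
# Added example (not advisory, Keystone or Nuclei code): classify /signin?from= values as the detection notes describe.
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (not real traffic): "METHOD path status location"
SAMPLE_LOG = [
    "GET /signin?from=%2Fdashboard 302 /dashboard",
    "GET /signin?from=https%3A%2F%2Fexample.org 302 https://example.org",
    "GET /signin?from=javascript%3Aalert(document.cookie) 200 -",
    "GET /signin?from=%2F%2Fexample.net 200 -",
    "GET /api/graphql 200 -",
]

def is_safe_local_path(value: str) -> bool:
    """True only for a same-origin path such as "/dashboard": no scheme, no
    network-path reference ("//host"), no backslash (browsers treat it as "/")."""
    decoded = unquote(value).strip()
    if not decoded.startswith("/") or decoded.startswith("//") or "\\" in decoded:
        return False
    parts = urlsplit(decoded)
    return parts.scheme == "" and parts.netloc == ""

def classify_request(path_with_query: str, location: Optional[str]) -> Optional[str]:
    """Label one request; None means nothing suspicious."""
    parts = urlsplit(path_with_query)
    if parts.path != "/signin":
        return None
    values = parse_qs(parts.query).get("from")  # parse_qs already URL-decodes
    if not values:
        return None
    target = values[0]
    if re.match(r"^[\s\x00-\x1f]*javascript:", target, re.IGNORECASE):
        return "xss_attempt"          # javascript: URI in from= (IOC above)
    if is_safe_local_path(target):
        return None
    # External target requested; confirmed only if the server echoed it in Location
    if location and not is_safe_local_path(location):
        return "open_redirect_confirmed"
    return "open_redirect_attempt"

def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Run classify_request over log lines; returns (line index, label) pairs."""
    findings = []
    for idx, line in enumerate(lines):
        _method, path, _status, location = line.split()
        label = classify_request(path, None if location == "-" else location)
        if label:
            findings.append((idx, label))
    return findings
```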
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 3.0 | 7.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
GHSA
Reflected cross-site scripting (XSS) vulnerability
ghsa·2022-01-12
CVE-2022-0087 [HIGH] CWE-79 Reflected cross-site scripting (XSS) vulnerability
Reflected cross-site scripting (XSS) vulnerability
This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the `@keystone-6/auth` package.
#### Impact
The vulnerability can impact users of the administration user interface when following an untrusted link to the `signin` or `init` page.
This is a targeted attack and may present itself in the form of phishing and/or be chained with some other vulnerability.
## Vulnerability mitigation
Please upgrade to `@keystone-6/auth >= 1.0.2`, where this vulnerability has been closed.
If you are using `@keystone-next/auth`, we **strongly** recommend you upgrade to `@keystone-6`.
### Workarounds
If for some reason you cannot upgrade the dependencies in software, y
OSV
Reflected cross-site scripting (XSS) vulnerability
osv·2022-01-12
CVE-2022-0087 [HIGH] Reflected cross-site scripting (XSS) vulnerability
No detection rules found.
Nuclei
Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-0087 [MEDIUM] Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
On the login page, the `from=` URL parameter is vulnerable to open redirect, which can be escalated to reflected XSS.
Template:

```yaml
id: CVE-2022-0087

info:
  name: Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
  author: ShivanshKhari
  severity: medium
  description: |
    On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
  impact: |
    Attackers can redirect users to malicious websites or inject malicious JavaScript via the from parameter, potentially facilitating phishing attacks or stealing user credentials.
  remediation: |
    Please upgrade to @keystone-6/auth >= 1.0.2, where this vulnerability has been closed. If you are using @keysto
```
Published: 2022-01-12