CVE-2020-26938 - OpenCVE

In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oauth2-server Project	Oauth2-server

Configuration 1 [-]

cpe:2.3:a:oauth2-server_project:oauth2-server:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143
https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12
https://github.com/oauthjs/node-oauth2-server/issues/637
https://tools.ietf.org/html/rfc3986#section-3
https://tools.ietf.org/html/rfc6749#section-3.1.2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-29T20:51:04

Updated: 2024-08-04T16:03:23.138Z

Reserved: 2020-10-10T00:00:00

Link: CVE-2020-26938

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-29T21:15:08.863

Modified: 2022-09-07T20:15:34.600

Link: CVE-2020-26938

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (\"[a-zA-Z][a-zA-Z0-9+.-]+:\") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T20:51:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/oauthjs/node-oauth2-server/issues/637"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143"}, {"tags": ["x_refsource_MISC"], "url": "https://tools.ietf.org/html/rfc3986#section-3"}, {"tags": ["x_refsource_MISC"], "url": "https://tools.ietf.org/html/rfc6749#section-3.1.2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26938", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (\"[a-zA-Z][a-zA-Z0-9+.-]+:\") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/oauthjs/node-oauth2-server/issues/637", "refsource": "MISC", "url": "https://github.com/oauthjs/node-oauth2-server/issues/637"}, {"name": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12", "refsource": "MISC", "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12"}, {"name": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143", "refsource": "MISC", "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143"}, {"name": "https://tools.ietf.org/html/rfc3986#section-3", "refsource": "MISC", "url": "https://tools.ietf.org/html/rfc3986#section-3"}, {"name": "https://tools.ietf.org/html/rfc6749#section-3.1.2", "refsource": "MISC", "url": "https://tools.ietf.org/html/rfc6749#section-3.1.2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:23.138Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/oauthjs/node-oauth2-server/issues/637"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tools.ietf.org/html/rfc3986#section-3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tools.ietf.org/html/rfc6749#section-3.1.2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26938", "datePublished": "2022-08-29T20:51:04", "dateReserved": "2020-10-10T00:00:00", "dateUpdated": "2024-08-04T16:03:23.138Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oauth2-server_project:oauth2-server:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7FFE5BBB-4620-482D-A32F-D416AA7E4ADA", "versionEndIncluding": "3.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (\"[a-zA-Z][a-zA-Z0-9+.-]+:\") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741."}, {"lang": "es", "value": "En oauth2-server (tambi\u00e9n se conoce como node-oauth2-server) versiones hasta 3.1.1, el valor del par\u00e1metro redirect_uri recibido durante la petici\u00f3n de autorizaci\u00f3n y token es comprobado con un patr\u00f3n URI incorrecto (\"[a-zA-Z][a-zA-Z0-9+.-]+:\") antes de realizar un redireccionamiento. Esto permite a un cliente malicioso pasar una carga \u00fatil de tipo XSS mediante el par\u00e1metro redirect_uri mientras realiza una petici\u00f3n de autorizaci\u00f3n. NOTA: esta vulnerabilidad es similar a la CVE-2020-7741"}], "id": "CVE-2020-26938", "lastModified": "2022-09-07T20:15:34.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T21:15:08.863", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/grant-types/authorization-code-grant-type.js#L143"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/oauthjs/node-oauth2-server/blob/91d2cbe70a0eddc53d72def96864e2de0fd41703/lib/validator/is.js#L12"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/oauthjs/node-oauth2-server/issues/637"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://tools.ietf.org/html/rfc3986#section-3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://tools.ietf.org/html/rfc6749#section-3.1.2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}