returnTo parameter is not validated which causes redirecting to arbitrary website after login.
https://app.jetkvm.com/login?returnTo=https%3A%2F%2Fexample.com%2F
|
const url = new URL(returnTo); |
|
url.searchParams.append("tempToken", tempToken); |
|
url.searchParams.append("deviceId", deviceId); |
|
url.searchParams.append("oidcGoogle", tokenSet.id_token.toString()); |
|
url.searchParams.append("clientId", process.env.GOOGLE_CLIENT_ID); |
|
return res.redirect(url.toString()); |
|
} |
|
return res.redirect(returnTo); |
Possible fix: validate domain against APP_HOSTNAME
returnTo parameter is not validated which causes redirecting to arbitrary website after login.
https://app.jetkvm.com/login?returnTo=https%3A%2F%2Fexample.com%2F
cloud-api/src/oidc.ts
Lines 151 to 158 in ae4bc80
Possible fix: validate domain against APP_HOSTNAME