Open redirect via returnTo

[MrYadro]

returnTo parameter is not validated which causes redirecting to arbitrary website after login.

https://app.jetkvm.com/login?returnTo=https%3A%2F%2Fexample.com%2F

cloud-api/src/oidc.ts

Lines 151 to 158 in ae4bc80

	const url = new URL(returnTo);
	url.searchParams.append("tempToken", tempToken);
	url.searchParams.append("deviceId", deviceId);
	url.searchParams.append("oidcGoogle", tokenSet.id_token.toString());
	url.searchParams.append("clientId", process.env.GOOGLE_CLIENT_ID);
	return res.redirect(url.toString());
	}
	return res.redirect(returnTo);

Possible fix: validate domain against APP_HOSTNAME