Lucene search

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy

🗓️ 25 May 2021 18:20:42Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 524 Views

Subdomain checking of whitelisted domains in oauth2-prox

Reporter	Title	Published	Views	Family All 11
Tenable Nessus	FreeBSD : oauth2-proxy -- domain whitelist could be used as redirect (3003ba60-6cec-11eb-8815-040e3c1b8a02)	12 Feb 202100:00	–	nessus
Prion	Design/Logic Flaw	2 Feb 202119:15	–	prion
OSV	Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy	25 May 202118:42	–	osv
OSV	CVE-2021-21291	2 Feb 202119:15	–	osv
OSV	GO-2022-0790 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy	21 Aug 202415:28	–	osv
OSV	BIT-oauth2-proxy-2021-21291	6 Mar 202410:59	–	osv
Cvelist	CVE-2021-21291 Subdomain checking of whitelisted domains could allow unintended redirects	2 Feb 202119:05	–	cvelist
NVD	CVE-2021-21291	2 Feb 202119:15	–	nvd
Veracode	Open Redirection	3 Feb 202104:02	–	veracode
CVE	CVE-2021-21291	2 Feb 202119:15	–	cve

Source	Link
github	www.github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-4mf2-f3wh-gvf2
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-21291
github	www.github.com/oauth2-proxy/oauth2-proxy/commit/780ae4f3c99b579cb2ea9845121caebb6192f725
github	www.github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.0.0
pkg	www.pkg.go.dev/github.com/oauth2-proxy/oauth2-proxy/v7
github	www.github.com/advisories/GHSA-4mf2-f3wh-gvf2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 May 2021 18:42Current

0.1Low risk

Vulners AI Score0.1

CVSS25.8

CVSS34.7 - 6.1

EPSS0.00161

CWE-601