Lucene search
+L

1196 matches found

Snyk
Snyk
added 2026/04/22 12:8 a.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...

8.3CVSS5.4AI score0.00275EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.5 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...

8.3CVSS5.4AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.14 views

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. There were security vulnerabilities in the versions of OAuth2 Proxy from 7.5.0 to 7.15.1. These vulnerabilities stemmed from the possibilit...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.19 views

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions 7.5.0 to 7.15.1 of OAuth2 Proxy have security vulnerabilities. These vulnerabilities stem from configuration-related authenticatio...

8.2CVSS5.8AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:20 p.m.5 views

CVE-2026-40575

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 11:20 p.m.4 views

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 11:20 p.m.21 views

CVE-2026-40575

OAuth2 Proxy versions 7.5.0–7.15.1 can trust a client-supplied X-Forwarded-Uri when --reverse-proxy and at least one --skip-auth-regex/--skip-auth-route are configured, enabling header spoofing that makes authentication rules run against a different path. This can let an unauthenticated attacker ...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/21 11:20 p.m.10 views

EUVD-2026-24557

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:17 p.m.8 views

CVE-2026-41059

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 11:17 p.m.30 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 11:17 p.m.6 views

EUVD-2026-24559

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 11:17 p.m.74 views

CVE-2026-41059

The CVE concerns OAuth2 Proxy (versions 7.5.0–7.15.1) where a configuration-driven authentication bypass can occur due to patterns in skip_auth_routes or legacy skip_auth_regex. Attacks are possible when attacker-controlled suffixes widen patterns (for example, ^/foo/.*/bar$) so that a # in the p...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/21 11:17 p.m.3 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.9AI score0.00275EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/21 7:11 p.m.6 views

Incorrect Authorization

Overview github.com/oauth2-proxy/oauth2-proxy is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitting ...

7.6CVSS5.5AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 5:16 p.m.5 views

CVE-2026-40574

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 4:32 p.m.35 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:32 p.m.6 views

CVE-2026-40574

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/21 4:32 p.m.22 views

CVE-2026-40574

CVE-2026-40574 affects OAuth2 Proxy. Affected: deployments using email_domain restrictions. Issue: authorization bypass where an attacker can use a malformed multi-@ email claim (e.g., [email protected]@company.com) to satisfy a company.com domain check, even though the claim is not a valid email...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder