2 matches found
CVE-2020-11053
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
CVE-2020-11053
Summary: Vulnerability in OAuth2 Proxy prior to 5.1.1 allows an open redirect by bypassing redirect URL validation through HTML-encoded whitespace characters. This could let an attacker steer an authenticated user to an arbitrary URL after login. The issue is mitigated in version 5.1.1 by patchin...