2 matches found
CVE-2020-4037
CVE-2020-4037 concerns OAuth2 Proxy where versions 5.1.1 and older (up to 5.9.x) allow a user-supplied redirect URL at the end of the authentication flow. The redirect target is validated by the proxy, but the issue arises from insufficiently restricted redirects, potentially enabling open redire...
CVE-2020-4037 Open Redirect in OAuth2 Proxy
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked with...