Lucene search
K

153 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/14 10:14 p.m.3 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/14 10:14 p.m.20 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS0.00475EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 10:14 p.m.18 views

CVE-2026-34457

CVE-2026-34457 affects OAuth2 Proxy prior to 7.15.2. In deployments using an auth_request-style integration (e.g., nginx auth_request) with either --ping-user-agent or --gcp-healthchecks enabled, any request bearing the configured health-check User-Agent is treated as authenticated, bypassing log...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 10:14 p.m.3 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 10:10 p.m.2 views

CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:10 p.m.4 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 10:10 p.m.15 views

CVE-2026-34454

OAuth2 Proxy (oauth2-proxy) has a regression introduced in 7.11.0 where the session cookie is not cleared when rendering the sign-in page. This can allow a remaining authenticated session on the browser, particularly for logout flows that rely on the sign-in page. The issue is fixed in 7.15.2. De...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32954

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions 7.11.0 through 7.15.1 Description A regression prevents the reverse proxy from clearing the session cookie when rendering the sign-in page. In deployments relying on the sign-in page for the logout flow, the browser sessi...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a reverse proxy that can provide authentication for interactions with Google, Github, or other providers. Versions of OAuth2 Proxy prior to 7.15.2 contained a security vulnerability. This vulnerability stemmed from a configuration-related authentication bypass, which could allow...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.15 views

OAuth2 Proxy 代码问题漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions of OAuth2 Proxy from 7.11.0 to 7.15.2 had code-related vulnerabilities. This vulnerability stemmed from a regression issue that...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References2
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.8 views

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: kratos, gitlab-kas, src, nri-mssql, neuvector-sigstore-interface, portieris, kapp, github-mcp-server, kubescape, kubernetes-dashboard, podman, nri-mongodb, percona-server-mongodb-operator, kubernetes-dns-node-cache, grafana-operator, k8sgpt, rancher-agent, polaris,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.5 views

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: gitlab-kas, src, nri-mssql, neuvector-sigstore-interface, portieris, kapp, github-mcp-server, kubescape, kubernetes-dashboard, podman, nri-mongodb, percona-server-mongodb-operator, kubernetes-dns-node-cache, grafana-operator, k8sgpt, rancher-agent, polaris, promxy,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.7 views

CVE-2026-27142 vulnerabilities

Vulnerabilities for packages: lvm-driver, azuredisk-csi, tflint, cert-manager-cmctl, gitlab-kas, src, tempo, neuvector-sigstore-interface, syft, kubescape, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, kubernetes-dashboard, minio, buildah, opencost, flux-image-reflector-controller,...

6.1CVSS6.8AI score0.00328EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.7 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: lvm-driver, azuredisk-csi, tflint, cert-manager-cmctl, gitlab-kas, src, tempo, neuvector-sigstore-interface, syft, kubescape, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, kubernetes-dashboard, minio, buildah, opencost, flux-image-reflector-controller,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.18 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: gitlab-kas, src, nri-mssql, neuvector-sigstore-interface, portieris, kapp, github-mcp-server, kubescape, kubernetes-dashboard, podman, nri-mongodb, percona-server-mongodb-operator, kubernetes-dns-node-cache, grafana-operator, k8sgpt, rancher-agent, polaris, promxy,...

7.5CVSS7AI score0.00728EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

FreeBSD : oauth2-proxy -- multiple vulnerabilities (10319b08-f050-4beb-95e3-fe025cdafd25)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 10319b08-f050-4beb-95e3-fe025cdafd25 advisory. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields...

10CVSS6AI score0.00765EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.7 views

FreeBSD : oauth2-proxy -- multiple vulnerabilities (fb561db9-0fc1-4d92-81a2-ee01839c9119)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fb561db9-0fc1-4d92-81a2-ee01839c9119 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number...

7.5CVSS5.7AI score0.00533EPSS
Exploits2References5
OSV
OSV
added 2025/11/17 7:11 p.m.6 views

GO-2025-4113 OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy...

8.5CVSS6.8AI score0.00633EPSS
Exploits0References8
EUVD
EUVD
added 2025/11/12 9:42 p.m.5 views

EUVD-2025-50825

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation...

8.5CVSS6.4AI score0.00633EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/11/12 9:42 p.m.13 views

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation

Impact All deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications. Authenticated users can inject underscore variants of X-Forwarded- headers that bypass the proxy’s...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder