Lucene search
K

153 matches found

Chainguard
Chainguard
added 2024/05/08 4:15 p.m.34 views

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: kaf, regclient, kubernetes, step-fips, wait-for-port, helm-operator-fips, kafkaexporter, confluent-common-docker, nfs-subdir-external-provisioner, ctop, http-echo, cosign-fips, prometheus-postgres-exporter, eksctl, trillian, opentelemetry-collector-contrib-fips,...

5.9CVSS6.8AI score0.01001EPSS
Exploits0
Wolfi
Wolfi
added 2024/03/09 1:15 a.m.59 views

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: gomplate, dgraph, apko, kube-rbac-proxy, argo-workflows, kargo, dex, step, temporal, kubernetes-dashboard, wolfictl, step-ca, falcoctl, kubescape, timestamp-authority, rook, ko, bank-vaults, frp, tekton-chains, kots, policy-controller, goreleaser, guac, gitsign, zarf...

4.3CVSS6.6AI score0.01956EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:59 a.m.29 views

BIT-OAUTH2-PROXY-2020-11053 Open Redirect in OAuth2 Proxy

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...

7.1CVSS6.3AI score0.0079EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:59 a.m.10 views

BIT-OAUTH2-PROXY-2020-4037 Open Redirect in OAuth2 Proxy

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked with...

5.8CVSS5.4AI score0.00896EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:59 a.m.14 views

BIT-OAUTH2-PROXY-2020-5233 Open Redirect in OAuth2 Proxy

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...

6.1CVSS6.2AI score0.01124EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 10:59 a.m.18 views

BIT-OAUTH2-PROXY-2021-21291 Subdomain checking of whitelisted domains could allow unintended redirects

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers Google, GitHub, and others to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...

6.1CVSS6.2AI score0.01353EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 10:59 a.m.16 views

BIT-OAUTH2-PROXY-2021-21411 Incorrect authorization in OAuth2-Proxy

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

5.5CVSS5.3AI score0.00987EPSS
Exploits0References6
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.77 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubeflow, kaf, kubernetes, slsa-verifier, kaniko, cluster-proportional-autoscaler, helm-operator-fips, kubeflow-fips, grpc-health-probe, nfs-subdir-external-provisioner, crossplane-provider-aws-kinesis, ctop, cosign-fips, prometheus-postgres-exporter, eksctl, trillia...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
Chainguard
Chainguard
added 2023/10/25 9:17 p.m.83 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: kubeflow, conftest-fips, cortex, slsa-verifier, scorecard, buildkitd, prometheus-blackbox-exporter, spark-operator, terraform-provider-sendgrid-fips, timestamp-authority-fips, terraform-provider-sendgrid, metrics-server-fips, kubernetes-csi-livenessprobe-fips,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2023/10/25 9:17 p.m.179 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: src, dgraph, up, terraform-provider-sendgrid, buildkitd, falco, kubeflow, kubevela, cortex, k3d, spark-operator, slsa-verifier, kubescape, scorecard, prometheus-blackbox-exporter, aactl...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2023/10/11 10:15 p.m.2958 views

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, kaf, flux-notification-controller, kubeflow, runc, slsa-verifier, buildkitd, prometheus-blackbox-exporter, terraform-provider-sendgrid-fips, prometheus-operator, smarter-device-manager-fips, dynamic-localpv-provisioner-fips, kubeflow-fips,...

7.5CVSS6.7AI score0.03796EPSS
Exploits0
Wolfi
Wolfi
added 2023/10/10 9:28 p.m.43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: grype, dex, kubeflow, bom, node-problem-detector, nats, coredns, flux-kustomize-controller, oauth2-proxy, terraform, secrets-store-csi-driver-provider-gcp, kubernetes-csi-livenessprobe, nghttp2, amass, hey, atlantis, mc, prometheus-blackbox-exporter, gomplate,...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/12/20 5:59 p.m.33 views

Open Redirect in OAuth2 Proxy

Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...

7.1CVSS0.1AI score0.0079EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/20 5:58 p.m.35 views

GHSA-5M6C-JP6F-2VCV Open Redirect in OAuth2 Proxy

Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...

4.3CVSS5.4AI score0.00896EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/12/20 5:58 p.m.57 views

Open Redirect in OAuth2 Proxy

Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...

5.8CVSS5.7AI score0.00896EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/05/25 6:42 p.m.26 views

GHSA-4MF2-F3WH-GVF2 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy

Impact What kind of vulnerability is it? Who is impacted? For users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for .example.com, the intention is that...

5.4CVSS6.1AI score0.01353EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/05/25 6:42 p.m.543 views

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy

Impact What kind of vulnerability is it? Who is impacted? For users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for .example.com, the intention is that...

6.1CVSS0.1AI score0.01353EPSS
Exploits1References6Affected Software2
CNVD
CNVD
added 2021/04/01 12:0 a.m.6 views

OAuth2 Proxy Access Control Error Vulnerability

OAuth2 Proxy is a reverse proxy that provides authentication with Google, Github or other providers. OAuth2 Proxy suffers from an access control error vulnerability that stems from the fact that none of the authorizations are restricted. No details of the vulnerability are available at this time...

5.5CVSS7AI score0.00987EPSS
Exploits0References1
OSV
OSV
added 2021/03/26 9:15 p.m.12 views

CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

5.5CVSS6.7AI score
Exploits0References5
NVD
NVD
added 2021/03/26 9:15 p.m.12 views

CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

5.5CVSS0.00987EPSS
Exploits0References5
Rows per page
Query Builder