153 matches found
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: kaf, regclient, kubernetes, step-fips, wait-for-port, helm-operator-fips, kafkaexporter, confluent-common-docker, nfs-subdir-external-provisioner, ctop, http-echo, cosign-fips, prometheus-postgres-exporter, eksctl, trillian, opentelemetry-collector-contrib-fips,...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: gomplate, dgraph, apko, kube-rbac-proxy, argo-workflows, kargo, dex, step, temporal, kubernetes-dashboard, wolfictl, step-ca, falcoctl, kubescape, timestamp-authority, rook, ko, bank-vaults, frp, tekton-chains, kots, policy-controller, goreleaser, guac, gitsign, zarf...
BIT-OAUTH2-PROXY-2020-11053 Open Redirect in OAuth2 Proxy
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
BIT-OAUTH2-PROXY-2020-4037 Open Redirect in OAuth2 Proxy
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked with...
BIT-OAUTH2-PROXY-2020-5233 Open Redirect in OAuth2 Proxy
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
BIT-OAUTH2-PROXY-2021-21291 Subdomain checking of whitelisted domains could allow unintended redirects
OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers Google, GitHub, and others to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...
BIT-OAUTH2-PROXY-2021-21411 Incorrect authorization in OAuth2-Proxy
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubeflow, kaf, kubernetes, slsa-verifier, kaniko, cluster-proportional-autoscaler, helm-operator-fips, kubeflow-fips, grpc-health-probe, nfs-subdir-external-provisioner, crossplane-provider-aws-kinesis, ctop, cosign-fips, prometheus-postgres-exporter, eksctl, trillia...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubeflow, conftest-fips, cortex, slsa-verifier, scorecard, buildkitd, prometheus-blackbox-exporter, spark-operator, terraform-provider-sendgrid-fips, timestamp-authority-fips, terraform-provider-sendgrid, metrics-server-fips, kubernetes-csi-livenessprobe-fips,...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: src, dgraph, up, terraform-provider-sendgrid, buildkitd, falco, kubeflow, kubevela, cortex, k3d, spark-operator, slsa-verifier, kubescape, scorecard, prometheus-blackbox-exporter, aactl...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, kaf, flux-notification-controller, kubeflow, runc, slsa-verifier, buildkitd, prometheus-blackbox-exporter, terraform-provider-sendgrid-fips, prometheus-operator, smarter-device-manager-fips, dynamic-localpv-provisioner-fips, kubeflow-fips,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: grype, dex, kubeflow, bom, node-problem-detector, nats, coredns, flux-kustomize-controller, oauth2-proxy, terraform, secrets-store-csi-driver-provider-gcp, kubernetes-csi-livenessprobe, nghttp2, amass, hey, atlantis, mc, prometheus-blackbox-exporter, gomplate,...
Open Redirect in OAuth2 Proxy
Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...
GHSA-5M6C-JP6F-2VCV Open Redirect in OAuth2 Proxy
Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...
Open Redirect in OAuth2 Proxy
Impact As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user...
GHSA-4MF2-F3WH-GVF2 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Impact What kind of vulnerability is it? Who is impacted? For users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for .example.com, the intention is that...
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Impact What kind of vulnerability is it? Who is impacted? For users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for .example.com, the intention is that...
OAuth2 Proxy Access Control Error Vulnerability
OAuth2 Proxy is a reverse proxy that provides authentication with Google, Github or other providers. OAuth2 Proxy suffers from an access control error vulnerability that stems from the fact that none of the authorizations are restricted. No details of the vulnerability are available at this time...
CVE-2021-21411
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...
CVE-2021-21411
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...