153 matches found
CVE-2020-11053
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
Open redirect
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
CVE-2020-11053
Summary: Vulnerability in OAuth2 Proxy prior to 5.1.1 allows an open redirect by bypassing redirect URL validation through HTML-encoded whitespace characters. This could let an attacker steer an authenticated user to an arbitrary URL after login. The issue is mitigated in version 5.1.1 by patchin...
CVE-2020-11053 Open Redirect in OAuth2 Proxy
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
CVE-2020-11053 Open Redirect in OAuth2 Proxy
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
OAuth2 Proxy Open Redirect Vulnerability
OAuth2 Proxy is an OAuth2 proxy service program. OAuth2 Proxy has an input validation vulnerability that can be exploited by remote attackers to submit malicious URIs and trick users into parsing them, which can be used to perform redirection attacks, hijack sessions by obtaining sensitive...
CVE-2020-5233
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
CVE-2020-5233
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
Open redirect
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
CVE-2020-5233 Open Redirect in OAuth2 Proxy
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
CVE-2020-5233
CVE-2020-5233 affects the OAuth2 Proxy project (github.com/pusher/oauth2_proxy) prior to version 5.0, where an open redirect vulnerability exists in the redirect handling. The vulnerable component is the redirect/redirect URL validation path, enabling an attacker to silently harvest authenticatio...
PT-2020-18329 · Oauth2 Proxy · Oauth2 Proxy
Name of the Vulnerable Software and Affected Versions: oauth2 proxy versions prior to 5.0 Description: An open redirect vulnerability has been found in oauth2 proxy. This issue could allow an attacker to silently harvest authentication tokens. For example, an attacker could use a URL like...
Bitly oauth2_proxy Cross-Site Request Forgery Vulnerability
Bitly oauth2proxy is a reverse proxy server that provides authentication with Google, Github and other providers. A cross-site request forgery vulnerability exists in Bitly oauth2proxy version 2.1. A remote attacker can exploit this vulnerability to perform unauthorized operations...