Lucene search
K

153 matches found

NVD
NVD
added 2025/07/30 8:15 p.m.11 views

CVE-2025-54576

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS0.01133EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/07/30 7:41 p.m.16 views

OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

Impact This vulnerability affects oauth2-proxy deployments using the skipauthroutes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...

9.1CVSS6.6AI score0.01133EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2025/07/30 7:41 p.m.5 views

GHSA-7RH7-C77V-6434 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

Impact This vulnerability affects oauth2-proxy deployments using the skipauthroutes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...

9.1CVSS7.5AI score0.01133EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/07/30 7:41 p.m.12 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS0.01133EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/07/30 7:41 p.m.3 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS6.5AI score0.01133EPSS
Exploits1References6
CVE
CVE
added 2025/07/30 7:41 p.m.111 views

CVE-2025-54576

Observations on CVE-2025-54576 : OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...

9.1CVSS6.5AI score0.01133EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/07/30 7:41 p.m.8 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS6.8AI score0.01133EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/07/30 4:21 p.m.11 views

OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0

The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...

5.5CVSS5.1AI score0.00987EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/07/30 4:21 p.m.3 views

GHSA-652X-M2GR-HPPM OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0

The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...

5.5CVSS6.7AI score0.00987EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.6 views

PT-2025-31437

Name of the Vulnerable Software and Affected Versions OAuth2-Proxy versions 7.10.0 and earlier Description OAuth2-Proxy deployments using the skip auth routes configuration option with regex patterns are vulnerable to authentication bypass. Attackers can craft URLs with malicious query parameters...

9.1CVSS6.8AI score0.01133EPSS
Exploits1References35
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.7 views

OAuth2-Proxy 安全漏洞

oauth2-proxy is a reverse proxy software from the OAuth2 Proxy open source. A security vulnerability exists in OAuth2-Proxy version 7.10.0 and earlier, which stems from the possibility of bypassing authentication when the skipauthroutes configuration option uses regular expressions...

9.1CVSS6.9AI score0.01133EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.7 views

CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

5.5CVSS6.7AI score0.00987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.8 views

CVE-2021-21291

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers Google, GitHub, and others to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...

6.1CVSS7AI score0.01353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.7 views

CVE-2020-5233

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...

6.1CVSS6.8AI score0.01124EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:12 p.m.9 views

CVE-2020-11053

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...

7.1CVSS6.5AI score0.0079EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/30 12:0 a.m.12 views

FreeBSD : oauth2-proxy -- Non-linear parsing of case-insensitive content (258a58a9-6583-4808-986b-e785c27b0a18)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 258a58a9-6583-4808-986b-e785c27b0a18 advisory. Golang reports: This update include security fixes: Tenable has extracted the preceding description blo...

5.3CVSS7.3AI score0.00856EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2025/01/14 12:0 a.m.4 views

oauth2-proxy -- Non-linear parsing of case-insensitive content

Golang reports: This update include security fixes: CVE-2024-45338: Non-linear parsing of case-insensitive content...

5.3CVSS5.8AI score0.00856EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/21 12:0 a.m.8 views

FreeBSD : oauth2-proxy -- multiple vulnerabilities (dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9 advisory. The oauth2-proxy project reports: Vulnerabilities have been addressed: Tenable has extracted t...

9.8CVSS7.2AI score0.01956EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2024/10/02 12:0 a.m.24 views

oauth2-proxy -- multiple vulnerabilities

The oauth2-proxy project reports: Vulnerabilities have been addressed: CVE-2024-24786 CVE-2024-24791 CVE-2024-24790 CVE-2024-24784 CVE-2024-28180 CVE-2023-45288...

9.8CVSS8.2AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/08/21 3:28 p.m.10 views

GO-2022-0790 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy...

6.1CVSS6.1AI score0.01353EPSS
Exploits1References5
Rows per page
Query Builder