153 matches found
CVE-2025-54576
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
Impact This vulnerability affects oauth2-proxy deployments using the skipauthroutes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...
GHSA-7RH7-C77V-6434 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
Impact This vulnerability affects oauth2-proxy deployments using the skipauthroutes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...
CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...
CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...
CVE-2025-54576
Observations on CVE-2025-54576 : OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...
CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...
GHSA-652X-M2GR-HPPM OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...
PT-2025-31437
Name of the Vulnerable Software and Affected Versions OAuth2-Proxy versions 7.10.0 and earlier Description OAuth2-Proxy deployments using the skip auth routes configuration option with regex patterns are vulnerable to authentication bypass. Attackers can craft URLs with malicious query parameters...
OAuth2-Proxy 安全漏洞
oauth2-proxy is a reverse proxy software from the OAuth2 Proxy open source. A security vulnerability exists in OAuth2-Proxy version 7.10.0 and earlier, which stems from the possibility of bypassing authentication when the skipauthroutes configuration option uses regular expressions...
CVE-2021-21411
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...
CVE-2021-21291
OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers Google, GitHub, and others to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...
CVE-2020-5233
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
CVE-2020-11053
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
FreeBSD : oauth2-proxy -- Non-linear parsing of case-insensitive content (258a58a9-6583-4808-986b-e785c27b0a18)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 258a58a9-6583-4808-986b-e785c27b0a18 advisory. Golang reports: This update include security fixes: Tenable has extracted the preceding description blo...
oauth2-proxy -- Non-linear parsing of case-insensitive content
Golang reports: This update include security fixes: CVE-2024-45338: Non-linear parsing of case-insensitive content...
FreeBSD : oauth2-proxy -- multiple vulnerabilities (dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9 advisory. The oauth2-proxy project reports: Vulnerabilities have been addressed: Tenable has extracted t...
oauth2-proxy -- multiple vulnerabilities
The oauth2-proxy project reports: Vulnerabilities have been addressed: CVE-2024-24786 CVE-2024-24791 CVE-2024-24790 CVE-2024-24784 CVE-2024-28180 CVE-2023-45288...
GO-2022-0790 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy...