21 matches found
CVE-2026-27139 vulnerabilities
Vulnerabilities for packages: gitlab-kas, nats-top, ctop, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, promxy, nri-mysql, spark-operator, x509-certificate-exporter, conjur-cli, crossplane-provider-aws-route53, kube-logging-operator-custom-runner, delve, timescaledb-parallel-copy,...
EUVD-2021-2545
Malware in sbrugna...
EUVD-2021-2584
Malware in sbrugna...
Cross-site Request Forgery (CSRF)
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
GHSA-RRM8-32G4-W8M3 Cross-site Request Forgery (CSRF)
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
Open Redirect in oauth2_proxy
The Bitly oauth2proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...
GHSA-JM34-XM8M-W958 Open Redirect in oauth2_proxy
The Bitly oauth2proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...
GHSA-QQXW-M5FJ-F7GV The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Impact: An open redirect vulnerability has been found in oauth2proxy. Anyone who uses oauth2proxy may potentially be impacted. For context, Detectify has an in-depth blog post about the potential impact of an open redirect. Particularly see the OAuth section. tl;dr: People's authentication token...
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Impact: An open redirect vulnerability has been found in oauth2proxy. Anyone who uses oauth2proxy may potentially be impacted. For context, Detectify has an in-depth blog post about the potential impact of an open redirect. Particularly see the OAuth section. tl;dr: People's authentication token...
Open Redirection
github.com/pusher/oauth2proxy is vulnerable to open redirection. Lack of validation in the redirecturl parameter allows an attacker to redirect a user to a malicious website and potentially steal the user's authentication tokens...
CVE-2017-1000070
The Bitly oauth2proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...
CVE-2017-1000070
The Bitly oauth2proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...
CVE-2017-1000069
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
CVE-2017-1000069
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
Open redirect
The Bitly oauth2proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...
Cross site request forgery (csrf)
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
CVE-2017-1000070
CVE-2017-1000070 concerns the Bitly oauth2_proxy showing an open redirect vulnerability in versions up to 2.1 during the start and end of the 2-legged OAuth flow. The root cause cited is improper input validation violating RFC-6819, allowing an attacker to redirect users to arbitrary sites. The c...
CVE-2017-1000069
The CVE-2017-1000069 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Bitly oauth2_proxy version 2.1 during the authentication flow. Connected documents corroborate CSRF as the vulnerability class affecting Bitly oauth2_proxy 2.1. The primary impact is reflected in the CVSS me...
CVE-2017-1000069
CSRF in Bitly oauth2proxy 2.1 during authentication flow...
CVE-2017-1000070
The Bitly oauth2proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819...