6 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...
CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...
CVE-2026-41059
The CVE concerns OAuth2 Proxy (versions 7.5.0–7.15.1) where a configuration-driven authentication bypass can occur due to patterns in skip_auth_routes or legacy skip_auth_regex. Attacks are possible when attacker-controlled suffixes widen patterns (for example, ^/foo/.*/bar$) so that a # in the p...
GHSA-PXQ7-H93F-9JRG OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...