Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNmMtanA2Zi0ydmN2

Open Redirect in OAuth2 Proxy

Impact

As users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access.
This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites.

Permalink: https://github.com/advisories/GHSA-5m6c-jp6f-2vcv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNmMtanA2Zi0ydmN2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: almost 2 years ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Percentage: 0.00066
EPSS Percentile: 0.30507

Identifiers: GHSA-5m6c-jp6f-2vcv, CVE-2020-4037
References: Repository: https://github.com/oauth2-proxy/oauth2-proxy
Blast Radius: 1.0

Affected Packages

go:github.com/oauth2-proxy/oauth2-proxy
Dependent packages: 1
Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 5.1.1, < 6.0.0
Fixed in: 6.0.0
All affected versions:
All unaffected versions: 1.1.1, 2.0.1, 3.0.0, 3.1.0, 3.2.0