OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
References
Link | Resource |
---|---|
https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2 | Patch Third Party Advisory |
https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0 | Release Notes Third Party Advisory |
https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-01-30T17:45:17
Updated: 2020-01-30T17:45:17
Reserved: 2020-01-02T00:00:00
Link: CVE-2020-5233
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-30T19:15:11.883
Modified: 2020-04-09T14:33:44.427
Link: CVE-2020-5233
JSON object: View
Redhat Information
No data.
CWE