CVE-2020-5233: URL Redirection to Untrusted Site ('Open Redirect')

December 20, 2021

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

References

github.com/advisories/GHSA-qqxw-m5fj-f7gv
github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv
github.com/oauth2-proxy/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2
github.com/oauth2-proxy/oauth2_proxy/releases/tag/v5.0.0
nvd.nist.gov/vuln/detail/CVE-2020-5233

Code Behaviors & Features

Detect and mitigate CVE-2020-5233 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →