6.1
CVE-2020-5233
- EPSS 1.12%
- Veröffentlicht 30.01.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:33:43
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpen Redirect in OAuth2 Proxy
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oauth2 Proxy Project ≫ Oauth2 Proxy Version < 5.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.12% | 0.62 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| security-advisories@github.com | 5.9 | 1.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2
https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0
https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv