6.1
CVE-2020-5233
- EPSS 0.29%
- Veröffentlicht 30.01.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:33:43
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oauth2 Proxy Project ≫ Oauth2 Proxy Version < 5.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.517 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| security-advisories@github.com | 5.9 | 1.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.