CVE-2020-5233

Опубликовано: 30 янв. 2020

Источник: debian

EPSS Низкий

Описание

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
oauth2-proxy	itp			package

EPSS

Процентиль: 52%

0.00287

Низкий

Связанные уязвимости

CVE-2020-5233

CVSS3: 5.9

nvd

около 6 лет назад

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

GHSA-qqxw-m5fj-f7gv

CVSS3: 5.9

github

около 4 лет назад

The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect

EPSS

Процентиль: 52%

0.00287

Низкий