CVE-2020-5233

Опубликовано: 30 янв. 2020

Источник: nvd

CVSS3: 5.9

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

Ссылки

https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2
Patch
Third Party Advisory
https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0
Release Notes
Third Party Advisory
https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv
Exploit
Patch
Third Party Advisory
https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2
Patch
Third Party Advisory
https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0
Release Notes
Third Party Advisory
https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oauth2_proxy_project:oauth2_proxy:*:*:*:*:*:*:*:*

Версия до 5.0.0 (исключая)

EPSS

Процентиль: 52%

0.00287

Низкий

5.9 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2020-5233

CVSS3: 5.9

debian

около 6 лет назад

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...

GHSA-qqxw-m5fj-f7gv

CVSS3: 5.9

github

около 4 лет назад

The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect

EPSS

Процентиль: 52%

0.00287

Низкий

5.9 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601