Vulnerability Description
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oauth2 Proxy Project | Oauth2 Proxy | < 5.0.0 |
References
- https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b31 (Patch, Third Party Advisory)
- https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0 (Release Notes, Third Party Advisory)
- https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2020-5233?
CVE-2020-5233 is a vulnerability with a CVSS score of 5.9 (MEDIUM). OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
How severe is CVE-2020-5233?
CVE-2020-5233 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5233?
Check the references section above for vendor advisories and patch information. Affected products include: Oauth2 Proxy Project Oauth2 Proxy.