Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
1 vulnerability by pusher
CVE-2020-5233 (GCVE-0-2020-5233)
Vulnerability from cvelistv5 – Published: 2020-01-30 17:45 – Updated: 2024-08-04 08:22
VLAI?
Title
Open Redirect in OAuth2 Proxy
Summary
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
Severity ?
5.9 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pusher | OAuth2 Proxy |
Affected:
< 5.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OAuth2 Proxy",
"vendor": "pusher",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T17:45:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
}
],
"source": {
"advisory": "GHSA-qqxw-m5fj-f7gv",
"discovery": "UNKNOWN"
},
"title": "Open Redirect in OAuth2 Proxy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5233",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in OAuth2 Proxy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OAuth2 Proxy",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.0"
}
]
}
}
]
},
"vendor_name": "pusher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv",
"refsource": "CONFIRM",
"url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
},
{
"name": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2",
"refsource": "MISC",
"url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
},
{
"name": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0",
"refsource": "MISC",
"url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
}
]
},
"source": {
"advisory": "GHSA-qqxw-m5fj-f7gv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5233",
"datePublished": "2020-01-30T17:45:17.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}