cnvd - cnvd-2020-04820

cnvd-2020-04820

Vulnerability from cnvd

Title: OAuth2 Proxy开放重定向漏洞

Description:

OAuth2 Proxy是一款OAuth2代理服务程序。

OAuth2 Proxy存在输入验证漏洞，远程攻击者可利用该漏洞提交恶意的URI，诱使用户解析，可进行重定向攻击，获取敏感信息劫持会话等。

Severity: 低

Patch Name: OAuth2 Proxy开放重定向漏洞的补丁

Patch Description:

OAuth2 Proxy是一款OAuth2代理服务程序。

OAuth2 Proxy存在输入验证漏洞，远程攻击者可利用该漏洞提交恶意的URI，诱使用户解析，可进行重定向攻击，获取敏感信息劫持会话等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0

Reference: https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2

Impacted products

Name
OAuth2 Proxy <5.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5233",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5233"
    }
  },
  "description": "OAuth2 Proxy\u662f\u4e00\u6b3eOAuth2\u4ee3\u7406\u670d\u52a1\u7a0b\u5e8f\u3002\n\nOAuth2 Proxy\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u6076\u610f\u7684URI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u8fdb\u884c\u91cd\u5b9a\u5411\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u52ab\u6301\u4f1a\u8bdd\u7b49\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04820",
  "openTime": "2020-02-12",
  "patchDescription": "OAuth2 Proxy\u662f\u4e00\u6b3eOAuth2\u4ee3\u7406\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nOAuth2 Proxy\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u6076\u610f\u7684URI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u8fdb\u884c\u91cd\u5b9a\u5411\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u52ab\u6301\u4f1a\u8bdd\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OAuth2 Proxy\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "OAuth2 Proxy \u003c5.0"
  },
  "referenceLink": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2",
  "serverity": "\u4f4e",
  "submitTime": "2020-02-04",
  "title": "OAuth2 Proxy\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

CVE-2020-5233 (GCVE-0-2020-5233)

Vulnerability from cvelistv5

Published

2020-01-30 17:45

Modified

2024-08-04 08:22

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Summary

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

References

▼	URL	Tags
	https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv	x_refsource_CONFIRM
	https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2	x_refsource_MISC
	https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	pusher	OAuth2 Proxy	Version: < 5.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAuth2 Proxy",
          "vendor": "pusher",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-30T17:45:17",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
        }
      ],
      "source": {
        "advisory": "GHSA-qqxw-m5fj-f7gv",
        "discovery": "UNKNOWN"
      },
      "title": "Open Redirect in OAuth2 Proxy",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5233",
          "STATE": "PUBLIC",
          "TITLE": "Open Redirect in OAuth2 Proxy"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAuth2 Proxy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 5.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "pusher"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv",
              "refsource": "CONFIRM",
              "url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
            },
            {
              "name": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2",
              "refsource": "MISC",
              "url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
            },
            {
              "name": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0",
              "refsource": "MISC",
              "url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-qqxw-m5fj-f7gv",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5233",
    "datePublished": "2020-01-30T17:45:17",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted