blob: 826cec2d72f9ac8ce93cb7ce90cd2d4a787a80d5 [file] [log] [blame]
id: GO-ID-PENDING
modules:
- module: github.com/oauth2-proxy/oauth2-proxy
versions:
- introduced: 5.1.1
fixed: 6.0.0
summary: Open Redirect in OAuth2 Proxy in github.com/oauth2-proxy/oauth2-proxy
description: |-
### Impact As users can provide a redirect address for the proxy to send the
authenticated user to at the end of the authentication flow. This is expected to
be the original URL that the user was trying to access. This redirect URL is
checked within the proxy and validated before redirecting the user to prevent
malicious actors providing redirects to potentially harmful sites.
cves:
- CVE-2020-4037
ghsas:
- GHSA-5m6c-jp6f-2vcv
references:
- advisory: https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv
- fix: https://github.com/oauth2-proxy/oauth2-proxy/commit/ee5662e0f5001d76ec76562bb605abbd07c266a2
- web: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v6.0.0
notes:
- lint: 'description: possible markdown formatting (found ### )'
- lint: 'modules[0] "github.com/oauth2-proxy/oauth2-proxy": 2 versions do not exist: 5.1.1, 6.0.0'
source:
id: GHSA-5m6c-jp6f-2vcv