Open Redirect in OAuth2 Proxy

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

指向未可信站点的URL重定向(开放重定向)

OAuth2 Proxy 输入验证错误漏洞

OAuth2 Proxy是一款能够提供与Google、Github或其他提供商进行身份验证的反向代理。 OAuth2 Proxy 5.1.1之后版本（6.0.0版本已修复）中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

N/A

N/A