Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth2 proxy project oauth2 proxy vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-11053
In OAuth2 Proxy prior to 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This re...
Oauth2 Proxy Project Oauth2 Proxy
6.1
CVSSv3
CVE-2020-5233
OAuth2 Proxy prior to 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
Oauth2 Proxy Project Oauth2 Proxy
6.1
CVSSv3
CVE-2017-1000070
The Bitly oauth2_proxy in version 2.1 and previous versions was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819
Oauth2 Proxy Project Oauth2 Proxy
5.4
CVSSv3
CVE-2020-4037
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect UR...
Oauth2 Proxy Project Oauth2 Proxy
6.1
CVSSv3
CVE-2021-21291
OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a d...
Oauth2 Proxy Project Oauth2 Proxy
5.5
CVSSv3
CVE-2021-21411
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization w...
Oauth2 Proxy Project Oauth2 Proxy
8.8
CVSSv3
CVE-2017-1000069
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
Oauth2 Proxy Project Oauth2 Proxy 2.1
6.5
CVSSv3
CVE-2021-32753
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a ...
Edgexfoundry Edgex Foundry
3.7
CVSSv3
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an malicious user to ...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
6.5
CVSSv3
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »