Vulnerabilites related to pusher - OAuth2 Proxy
CVE-2020-5233 (GCVE-0-2020-5233)
Vulnerability from cvelistv5
Published
2020-01-30 17:45
Modified
2024-08-04 08:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pusher | OAuth2 Proxy |
Version: < 5.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OAuth2 Proxy",
"vendor": "pusher",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T17:45:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
}
],
"source": {
"advisory": "GHSA-qqxw-m5fj-f7gv",
"discovery": "UNKNOWN"
},
"title": "Open Redirect in OAuth2 Proxy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5233",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in OAuth2 Proxy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OAuth2 Proxy",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.0"
}
]
}
}
]
},
"vendor_name": "pusher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv",
"refsource": "CONFIRM",
"url": "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv"
},
{
"name": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2",
"refsource": "MISC",
"url": "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2"
},
{
"name": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0",
"refsource": "MISC",
"url": "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0"
}
]
},
"source": {
"advisory": "GHSA-qqxw-m5fj-f7gv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5233",
"datePublished": "2020-01-30T17:45:17",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-04T08:22:09.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}