Iamnoooob

**Name of the Vulnerable Software and Affected Versions** OAuth2 Proxy versions prior to 7.15.2 **Description** A configuration-dependent authentication bypass occurs when OAuth2 Proxy is configured with `--reverse-proxy` and has at least one rule defined using `--skip auth routes` or `--skip-auth-regex`. In this state, the software may trust a client-supplied `X-Forwarded-Uri` header. An attacker can spoof this header to make OAuth2 Proxy evaluate authentication and skip-auth rules against a path different from the one sent to the upstream application, allowing an unauthenticated remote attacker to access protected routes without a valid session. **Recommendations** Update to version 7.15.2 and configure the `--trusted-proxy-ip` flag to specify the IPs or CIDR ranges of reverse proxies allowed to send `X-Forwarded-*` headers. Strip any client-provided `X-Forwarded-Uri` header at the reverse proxy or load balancer level. Explicitly overwrite `X-Forwarded-Uri` with the actual request URI before forwarding requests to OAuth2 Proxy. Restrict direct client access to OAuth2 Proxy so it is only reachable through a trusted reverse proxy. Remove or narrow `--skip-auth-route` or `--skip-auth-regex` rules where possible.

**Name of the Vulnerable Software and Affected Versions** OAuth2 Proxy versions prior to 7.15.2 **Description** A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the `--ping-user-agent` variable is set or the `--gcp-healthchecks` variable is enabled. In these cases, the software treats any request containing the configured health check `User-Agent` value as a successful health check, regardless of the requested path. This allows an unauthenticated remote attacker to bypass authentication and access protected upstream resources. **Recommendations** Update to version 7.15.2. Disable `--gcp-healthchecks`. Remove any configured `--ping-user-agent`. Ensure the reverse proxy does not forward client-controlled `User-Agent` headers to the OAuth2 Proxy auth subrequest. Use path-based health checks only on dedicated health check endpoints.

**Name of the Vulnerable Software and Affected Versions** OpenAM versions prior to 16.0.6 **Description** Open Access Management (OpenAM) is an access management solution. An unauthenticated attacker can achieve arbitrary command execution on the server through unsafe Java deserialization. This occurs when a crafted serialized Java object is sent as the `jato.clientSession` GET/POST parameter to any JATO ViewBean endpoint whose JSP contains `<jato:form>` tags, such as Password Reset pages. This issue bypasses the WhitelistObjectInputStream mitigation previously applied to the `jato.pageSession` parameter. **Recommendations** Update to version 16.0.6.

**Name of the Vulnerable Software and Affected Versions** Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 **Description** A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in version 0.17.1 and fixed in version 0.18.6. **Recommendations** For versions prior to 0.17.1, upgrade to version 0.17.1 or later. For versions 0.18.0 through 0.18.5, upgrade to version 0.18.6 or later. If using version 0.17.1, run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d` to switch to the patched version. As a temporary workaround for version 0.17.1, pull the latest docker image of the backend and restart the server.

**Name of the Vulnerable Software and Affected Versions** Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 **Description** Hardcoded DNS key usage has been found in Netmaker, allowing unauthorized users to interact with DNS API endpoints. The issue is patched in version 0.17.1 and fixed in version 0.18.6. **Recommendations** For versions prior to 0.17.1, upgrade to version 0.17.1 or later. For versions 0.18.0 through 0.18.5, upgrade to version 0.18.6 or later. If using version 0.17.1, run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d` to switch to the patched version. As a temporary workaround for version 0.17.1, pull the latest docker image of the backend and restart the server.

**Name of the Vulnerable Software and Affected Versions** Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 **Description** An Insecure Direct Object Reference (IDOR) vulnerability was found in the user update function, allowing an attacker to update another user's password by specifying their username. **Recommendations** For versions prior to 0.17.1, upgrade to version 0.17.1 or later. For versions 0.18.0 through 0.18.5, upgrade to version 0.18.6 or later. If using version 0.17.1, run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d` to switch to the patched users. As a temporary workaround for version 0.17.1, pull the latest docker image of the backend and restart the server.

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 3.0 on Windows Description: A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, potentially allowing them to exit the directory and impact the system. There is an unintentional directory creation vulnerability in the `tmpdir` library bundled with Ruby on Windows, and an unintentional file creation vulnerability in the tempfile library, as it uses tmpdir internally. Recommendations: For Ruby versions prior to 3.0 on Windows, consider restricting access to the `tmpdir` library and tempfile library until a patch is available. As a temporary workaround, avoid using the `tmpdir` library and tempfile library in Web applications that handle parameters with TmpDir.

**Name of the Vulnerable Software and Affected Versions** OAuth2 Proxy versions prior to 5.1.1 **Description** The issue is related to an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters, the validation could be bypassed and allow a redirect to any URL provided. **Recommendations** For OAuth2 Proxy versions prior to 5.1.1, update to version 5.1.1 to resolve the issue. As a temporary workaround, consider validating redirect URLs more strictly to prevent bypassing the validation. Restrict access to the `IsValidRedirect` function to minimize the risk of exploitation. Avoid using HTML encoded whitespace characters in redirect URLs until the issue is resolved.