Unknown · OAuth2 Proxy · CVE-2021-21291
Name of the Vulnerable Software and Affected Versions:
OAuth2 Proxy versions prior to 7.0.0
Description:
The issue concerns the whitelist domain feature in OAuth2 Proxy: a domain whose name merely ends with the same characters as the intended domain could be accepted as a redirect target. For example, if a whitelist domain is configured as ".example.com", the intention is that only subdomains of example.com are allowed, but "example.com" and "badexample.com" would also match. This is because the code did not require a dot immediately before the configured domain, which is what guarantees that the redirect host is actually a subdomain.
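The suffix-matching flaw described above, placed next to a corrected matcher, as an added example in Go (the language OAuth2 Proxy is written in). This is a constructed illustration, not the project's own code: the function names, the sample whitelist and the sample redirect URLs are assumptions chosen to mirror the description.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// hostMatchesWeak models the flawed behaviour: the leading dot of the
// whitelist entry is trimmed and the redirect host only has to END WITH the
// remaining string, so "example.com" and "badexample.com" both satisfy
// ".example.com". (Constructed illustration of the bug, not project code.)
func hostMatchesWeak(redirectHost, whitelistDomain string) bool {
	bare := strings.TrimPrefix(whitelistDomain, ".")
	if strings.HasPrefix(whitelistDomain, ".") {
		return strings.HasSuffix(redirectHost, bare)
	}
	return redirectHost == bare
}

// hostMatchesStrict is the hardened form: a leading-dot entry matches only a
// host that has "." + domain as its suffix, i.e. a real subdomain. An entry
// without a leading dot matches exactly that host and nothing else.
func hostMatchesStrict(redirectHost, whitelistDomain string) bool {
	if strings.HasPrefix(whitelistDomain, ".") {
		bare := strings.TrimPrefix(whitelistDomain, ".")
		return strings.HasSuffix(redirectHost, "."+bare)
	}
	return redirectHost == whitelistDomain
}

// IsValidRedirect accepts an absolute http(s) redirect only when its
// hostname satisfies one of the whitelist entries under the given matcher.
// The matcher is a parameter so the weak and strict variants can be compared
// on identical input.
func IsValidRedirect(redirect string, whitelist []string, match func(string, string) bool) bool {
	u, err := url.Parse(redirect)
	if err != nil {
		return false
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return false
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return false
	}
	for _, d := range whitelist {
		if match(host, strings.ToLower(strings.TrimSpace(d))) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample configuration and redirect targets.
	whitelist := []string{".example.com"}
	targets := []string{
		"https://app.example.com/callback", // intended: a subdomain
		"https://example.com/callback",     // apex domain, not a subdomain
		"https://badexample.com/callback",  // attacker-controlled lookalike
	}
	for _, t := range targets {
		fmt.Printf("%-38s weak=%-5v strict=%v\n", t,
			IsValidRedirect(t, whitelist, hostMatchesWeak),
			IsValidRedirect(t, whitelist, hostMatchesStrict))
	}
}
```

Under the strict matcher, an operator who wants both the apex domain and its subdomains accepted lists both "example.com" and ".example.com" explicitly, rather than relying on a suffix comparison to cover the apex.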
Recommendations:
For versions prior to 7.0.0, update to version 7.0.0 or later to fix the issue.
As a temporary workaround, consider disabling the whitelist domain feature and running separate OAuth2 Proxy instances for each subdomain.