CVE-2020-11053

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 5.1.1

Description The issue is related to an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters, the validation could be bypassed and allow a redirect to any URL provided.

Recommendations For OAuth2 Proxy versions prior to 5.1.1, update to version 5.1.1 to resolve the issue. As a temporary workaround, consider validating redirect URLs more strictly to prevent bypassing the validation. Restrict access to the IsValidRedirect function to minimize the risk of exploitation. Avoid using HTML encoded whitespace characters in redirect URLs until the issue is resolved.