PT-2020-18329 · Oauth2 Proxy · Oauth2 Proxy

Starkers · Published 2020-01-30 · Updated 2024-03-06 · CVE-2020-5233

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: oauth2 proxy versions prior to 5.0
Description: An open redirect vulnerability has been found in oauth2 proxy. This issue could allow an attacker to silently harvest authentication tokens. For example, an attacker could use a URL like https://facebook.com/oauth.php?clientid=123&state=abc&redirect_url=https://yourdomain.com/red.php?url%3dhttps://attacker.com/ to exploit this vulnerability. The IsValidRedirect function in oauth2 proxy is vulnerable, and a patch has been submitted to fix this issue.
Recommendations: For versions prior to 5.0, update to version 5.0 to resolve the issue. At the moment, there is no workaround available for this vulnerability.
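As an added illustration of the defensive check an open-redirect fix needs (example code written for this page, not oauth2-proxy's IsValidRedirect and not the project's 5.0 patch): a redirect-target validator in Go that accepts only an absolute path on the current host, or an https URL whose host is on an explicit allow-list, and rejects everything else. The function name IsSafeRedirect, the allow-list contents and the sample inputs are constructed assumptions; the one input taken from the advisory is the redirect_url value quoted in the description.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// IsSafeRedirect reports whether raw may be used as a post-login redirect
// target. It is an illustrative validator (not oauth2-proxy's IsValidRedirect):
// it accepts only (a) an absolute path on the current host or (b) an https URL
// whose host is on an explicit allow-list. Everything else is rejected.
func IsSafeRedirect(raw string, allowedHosts map[string]bool) bool {
	if raw == "" || len(raw) > 2048 {
		return false
	}
	// Control characters and backslashes are rejected outright: browsers treat
	// "\" as "/" in some positions, which defeats naive prefix checks.
	for _, c := range raw {
		if c < 0x20 || c == 0x7f || c == '\\' {
			return false
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	// Userinfo ("https://good.example@evil.example/") is never legitimate here.
	if u.User != nil {
		return false
	}
	// Case (a): relative reference. Require exactly one leading slash so that
	// protocol-relative "//host/..." (the parser sets Host) and "///host"
	// (which the parser leaves as a path) are both excluded.
	if u.Scheme == "" && u.Host == "" {
		return strings.HasPrefix(raw, "/") && !strings.HasPrefix(raw, "//")
	}
	// Case (b): absolute URL. Only https, and the host (including any port)
	// must match an allow-list entry exactly after lower-casing.
	if u.Scheme != "https" {
		return false
	}
	return allowedHosts[strings.ToLower(u.Host)]
}

func main() {
	// Constructed allow-list: only the application's own host is trusted.
	allowed := map[string]bool{"yourdomain.com": true}
	// Constructed sample targets; the last one is the redirect_url value
	// quoted in the advisory description.
	samples := []string{
		"/dashboard?tab=1",
		"//attacker.com/",
		"/\\attacker.com/",
		"https://attacker.com/",
		"https://yourdomain.com@attacker.com/",
		"https://yourdomain.com/red.php?url=https://attacker.com/",
	}
	for _, s := range samples {
		fmt.Printf("%-60s -> %v\n", s, IsSafeRedirect(s, allowed))
	}
}
```

Note the last sample: with yourdomain.com on the allow-list the validator accepts it, because it can only vouch for the first hop. A host allow-list still trusts every endpoint on that host, so if an application page such as red.php forwards to its own url parameter the chain stays open. Passing an empty allow-list, so that only relative paths are accepted, is the stricter configuration and removes that second hop from the proxy's decision entirely.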

Weakness Enumeration: Open Redirect

Related Identifiers
BIT-OAUTH2-PROXY-2020-5233
CVE-2020-5233
GHSA-QQXW-M5FJ-F7GV

Affected Products
Oauth2 Proxy