PT-2025-31437 · Unknown · Oauth2 Proxy

Tuunit · Published 2025-07-30 · Updated 2025-08-01 · CVE-2025-54576

CVSS v3.1: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

**Name of the Vulnerable Software and Affected Versions:**

OAuth2-Proxy versions up to and including 7.10.0 (all releases before 7.11.0)

**Description:**

OAuth2-Proxy deployments that use the `--skip-auth-routes` option (`skip_auth_routes` in config files) with regex patterns are vulnerable to authentication bypass. These patterns are meant to allow-list paths that may be served without a session, but before the fix the regex was matched against the full request URI, that is the path plus the query string, instead of the path alone. An attacker can therefore append a query string that satisfies the pattern to the URL of a protected resource and be forwarded to the upstream without authenticating. Deployments with unanchored or wildcard patterns (for example `/static/.*` or `^/.*\.css$`) are most exposed, because attacker-controlled query data can complete the match. Approximately 27,800 exposed services (34,000+ search results) were identified as potentially affected.

**Recommendations:**

OAuth2-Proxy versions prior to 7.11.0 are vulnerable.

- Upgrade to version 7.11.0 or later, which matches `--skip-auth-routes` patterns against the request path only.

- Audit all `--skip-auth-routes` / `skip_auth_routes` entries for overly permissive patterns.

- Replace wildcard patterns with exact path matches where possible.

- Anchor regex patterns with `^` and `$`, and prefer patterns that cannot span a `?`: an anchored pattern such as `^/.*\.css$` is still satisfied by `/admin/secret?x=.css` on an unpatched build, because the `.*` consumes the query string.

- Where an upgrade is not immediately possible, strip the query string before regex matching in any custom validation layer placed in front of the proxy, so that only the path is compared.
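The matching flaw and the effect of the fix, as an added example: a simplified re-implementation in Go of the skip-route decision, not oauth2-proxy's own code. The patterns and request URLs are constructed for illustration. `matchVulnerable` tests the full request URI, which is how the advisory describes the pre-7.11.0 behaviour; `matchFixed` tests only the path, as 7.11.0 does.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// matchVulnerable mirrors the pre-7.11.0 behaviour described in the
// advisory: the regex is tested against the full request URI (path plus
// "?query"), so an attacker-controlled query string can satisfy it.
func matchVulnerable(patterns []*regexp.Regexp, rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	target := u.RequestURI() // "/path?query"
	for _, p := range patterns {
		if p.MatchString(target) {
			return true
		}
	}
	return false
}

// matchFixed mirrors the 7.11.0 behaviour: only the path is tested, so the
// query string can no longer influence whether authentication is skipped.
func matchFixed(patterns []*regexp.Regexp, rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	for _, p := range patterns {
		if p.MatchString(u.Path) {
			return true
		}
	}
	return false
}

// evaluate runs one skip pattern against one request under both behaviours
// and reports whether each would skip authentication.
func evaluate(pattern, rawURL string) (vulnerable, fixed bool) {
	re := regexp.MustCompile(pattern)
	ps := []*regexp.Regexp{re}
	return matchVulnerable(ps, rawURL), matchFixed(ps, rawURL)
}

func main() {
	// Constructed cases (hypothetical patterns and URLs, not from the advisory).
	cases := []struct{ pattern, req string }{
		{`/static/.*`, "/static/app.css"},          // legitimate static asset: both skip
		{`/static/.*`, "/admin/secret?x=/static/"}, // unanchored pattern: bypass on vulnerable build
		{`^/.*\.css$`, "/admin/secret?x=.css"},     // anchored, but ".*" spans the "?": still bypassed
		{`^/healthz$`, "/healthz?x=1"},             // exact path: no bypass; vulnerable build also refuses to skip
	}
	for _, c := range cases {
		v, f := evaluate(c.pattern, c.req)
		fmt.Printf("%-14s %-28s vulnerable-skip=%-5v fixed-skip=%v\n", c.pattern, c.req, v, f)
	}
}
```

The third case is the one to watch when auditing configurations: the pattern is anchored at both ends, yet on the vulnerable matcher the `.*` swallows `?x=` and the `\.css$` suffix is satisfied by query data. The fourth case shows the other side of the same bug: because `?x=1` becomes part of the matched string, an exact pattern cannot be bypassed, but on an unpatched build a legitimate request carrying any query string is no longer skipped either.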

Fix: available, upgrade to 7.11.0 or later

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

BIT-OAUTH2-PROXY-2025-54576
CVE-2025-54576
GHSA-7RH7-C77V-6434

Affected Products

Oauth2 Proxy