CVE-2020-5233 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
GitHub_M	CNA	5.9 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Vendor	Product	Version
oauth2_proxy_project	oauth2_proxy	𝑥 < 5.0.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2

https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0

https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv

https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2

https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0

https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv