github.com/oauth2-proxy/oauth2-proxy vulnerabilities
5 known vulnerabilities affecting github.com/oauth2-proxy_oauth2-proxy.
- Total CVEs: 5
- CISA KEV: 0
- Public exploits: 0
- Exploited in wild: 0
- Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2026-34457 [CRITICAL] CWE-290 OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
Affected versions: ≥ 0, ≤ 3.2.0. Date: 2026-04-14.
### Impact
A configuration-dependent authentication bypass exists in OAuth2 Proxy.
Deployments are affected when all of the following are true:
- OAuth2 Proxy is used with an `auth_request`-style integration (for example, nginx `auth_request`)
- `--ping-user-agent` is set or `
Sources: ghsa
CVE-2020-11053 [HIGH] CWE-601 Open Redirect in OAuth2 Proxy
Affected versions: ≥ 0, < 5.1.1. Date: 2021-12-20.
### Impact
Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access.
This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites.
However, by crafting a redir
Sources: ghsa, osv
CVE-2020-5233 [MEDIUM] CWE-601 The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Affected versions: ≥ 0, < 5.0.0. Date: 2021-12-20.
### Impact
An open redirect vulnerability has been found in `oauth2_proxy`. Anyone who uses `oauth2_proxy` may potentially be impacted.
For context, [detectify] has an in-depth blog post about the potential impact of an open redirect; see the OAuth section in particular.
**tl;dr**: Pe
Sources: ghsa, osv
CVE-2020-4037 [MEDIUM] CWE-601 Open Redirect in OAuth2 Proxy
Affected versions: ≥ 5.1.1, < 6.0.0. Date: 2021-12-20.
### Impact
Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access.
This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites.
Sources: ghsa, osv
CVE-2021-21291 [LOW] CWE-601 Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Affected versions: ≥ 0, ≤ 3.2.0. Date: 2021-05-25.
### Impact
_What kind of vulnerability is it? Who is impacted?_
For users of the whitelist domain feature, a domain whose name merely ended the same way as the intended domain could have been accepted as a redirect target.
For example, if a whitelist domain was configured for `.example.com`, the i
Sources: ghsa, osv