CVE-2020-5233

medium

Description

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

References

Advisories
More

https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0

https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2

https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv

Details

Source: Mitre, NVD

Published: 2020-01-30

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N