CVE-2020-5233 MEDIUM

CVE-2020-5233: Open Redirect in OAuth2 Proxy

Vendor Pusher

Product OAuth2 Proxy

Weakness CWE-601 · Open redirect

Published January 30, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

Key dates

02Disclosure timeline

January 30, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5233 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

CVE-2020-5233: Open Redirect in OAuth2 Proxy

01Description

02Disclosure timeline

03References

04Related CVE