FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

oauth2-proxy -- domain whitelist could be used as redirect

Affected packages
oauth2-proxy < 7.0.0

Details

VuXML ID 3003ba60-6cec-11eb-8815-040e3c1b8a02
Discovery 2021-02-02
Entry 2021-02-12

SO-AND-SO reports:

In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect.

References

URL https://nvd.nist.gov/vuln/detail/CVE-2021-21291