Skip to main content

Oauth2 Proxy

8 CVEs product

Monthly

CVE-2026-34454 Go LOW PATCH GHSA Monitor

OAuth2 Proxy versions 7.11.0 through 7.15.1 fail to clear the session cookie when rendering the sign-in page due to a regression, allowing authenticated users to remain logged in even after attempting to log out via the sign-in page. On shared workstations, a subsequent user could hijack the previous user's authenticated session without additional credentials. This affects only deployments using the sign-in page as part of logout flow; organizations with dedicated logout endpoints are unaffected. The vulnerability carries a low CVSS score of 3.5 (physical attack vector required) but poses meaningful risk in shared-access environments.

Information Disclosure Oauth2 Proxy
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2021-21411 Go MEDIUM PATCH This Month

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Gitlab Authentication Bypass Oauth2 Proxy
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-21291 Go MEDIUM POC PATCH This Month

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-4037 Go MEDIUM PATCH This Month

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-11053 Go MEDIUM PATCH This Month

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5233 Go MEDIUM POC PATCH This Month

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2017-1000070 Go MEDIUM PATCH This Month

The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000069 Go HIGH PATCH This Week

CSRF in Bitly oauth2_proxy 2.1 during authentication flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oauth2 Proxy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
EPSS 0% CVSS 3.5
LOW PATCH Monitor

OAuth2 Proxy versions 7.11.0 through 7.15.1 fail to clear the session cookie when rendering the sign-in page due to a regression, allowing authenticated users to remain logged in even after attempting to log out via the sign-in page. On shared workstations, a subsequent user could hijack the previous user's authenticated session without additional credentials. This affects only deployments using the sign-in page as part of logout flow; organizations with dedicated logout endpoints are unaffected. The vulnerability carries a low CVSS score of 3.5 (physical attack vector required) but poses meaningful risk in shared-access environments.

Information Disclosure Oauth2 Proxy
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Gitlab Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Open Redirect Oauth2 Proxy
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Oauth2 Proxy
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2 Proxy
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Oauth2 Proxy
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Oauth2 Proxy
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CSRF in Bitly oauth2_proxy 2.1 during authentication flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oauth2 Proxy
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy