CVE-2017-1000070

Affected configuration(s):

cpe:/a:oauth2_proxy_project:oauth2_proxy:2.1

Date published: 2017-07-17T09:18:18.220-04:00

Date last modified: 2017-07-20T12:26:26.063-04:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: https://github.com/bitly/oauth2_proxy/pull/359

Summary: The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819.
