CNNVD-202507-3740 Information
CNNVD ID
CNNVD-202507-3740
Related CVE
-
CNNVD Published: 2025-07-30
Description (Chinese)
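oauth2-proxy is an open-source reverse proxy from OAuth2 Proxy. OAuth2-Proxy 7.10.0 and earlier versions contain a security vulnerability, which stems from a possible authentication bypass when the skip_auth_routes configuration option uses regular expressions.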
Description (English)
oauth2-proxy is an open-source reverse proxy from OAuth2 Proxy. OAuth2-Proxy 7.10.0 and earlier versions contain a security vulnerability: authentication may be bypassed when the skip_auth_routes configuration option is used with regular expressions.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
OAuth2 Proxy
Published
2025-07-30
Last Modified
2026-02-24
References
https://github.com/oauth2-proxy/oauth2-proxy/blob/f4b33b64bd66ad28e9b0d63bea51837b83c00ca1/oauthproxy.go#L582-L584
https://github.com/oauth2-proxy/oauth2-proxy/blob/f4b33b64bd66ad28e9b0d63bea51837b83c00ca1/pkg/requests/util/util.go#L37-L44
https://github.com/oauth2-proxy/oauth2-proxy/commit/9ffafad4b2d2f9f7668e5504565f356a7c047b77
https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.11.0
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434
https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview/#proxy-options
https://access.redhat.com/security/cve/cve-2025-54576
Patch
https://github.com/oauth2-proxy/oauth2-proxy/releases