CVE-2021-21291 Information

Description

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users of the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured as .example.com, the intention is that subdomains of example.com are allowed. Instead, xample.com and adexample.com could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain.
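The flaw comes down to a suffix comparison that is not anchored at a label boundary. The Go example below is an added illustration, not oauth2-proxy's own code: naiveHostAllowed reconstructs the kind of unanchored check the advisory describes, hostAllowed and IsValidRedirect show a boundary-aware version, and the sample URLs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveHostAllowed is an illustrative reconstruction of the flawed pattern
// (not the project's actual code): the leading dot of the allow-list entry is
// dropped and only a bare suffix comparison is made, so "badexample.com"
// ends with "example.com" and passes.
func naiveHostAllowed(host, allowed string) bool {
	return strings.HasSuffix(host, strings.TrimPrefix(allowed, "."))
}

// hostAllowed keeps the dot: an entry without a leading dot must equal the
// host exactly; an entry such as ".example.com" matches only hosts that end in
// ".example.com" (dot included), i.e. true subdomains. List the apex host
// separately if it should be allowed too.
func hostAllowed(host, allowed string) bool {
	host = strings.ToLower(host)
	allowed = strings.ToLower(allowed)
	if !strings.HasPrefix(allowed, ".") {
		return host == allowed
	}
	return strings.HasSuffix(host, allowed)
}

// IsValidRedirect parses an absolute redirect URL and checks its hostname
// (not the raw string, so a domain hidden in the query does not count)
// against every allow-list entry with hostAllowed.
func IsValidRedirect(redirect string, allowList []string) bool {
	u, err := url.Parse(redirect)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false
	}
	for _, d := range allowList {
		if hostAllowed(u.Hostname(), d) {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{".example.com"}
	for _, r := range []string{"https://app.example.com/cb", "https://badexample.com/", "https://evil.test/?next=.example.com"} {
		u, _ := url.Parse(r)
		fmt.Printf("%-40s naive=%-5v fixed=%v\n", r, naiveHostAllowed(u.Hostname(), allow[0]), IsValidRedirect(r, allow))
	}
}
```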

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://pkg.go.dev/github.com/oauth2-proxy/oauth2-proxy/v7
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-4mf2-f3wh-gvf2
https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.0.0
https://github.com/oauth2-proxy/oauth2-proxy/commit/780ae4f3c99b579cb2ea9845121caebb6192f725

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
