Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2020-5233

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

Published: Jan 30, 2020
Updated: Nov 9, 2025
CVE: CVE-2020-5233
GHSA: GHSA-qqxw-m5fj-f7gv
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
oauth2_proxy_project / oauth2_proxy	-	5.0.0
github.com/oauth2-proxy/oauth2-proxy	-	5.0.0

https://blog.detectify.com/2019/05/16/the-real-impact-of-an-open-redirect/
https://github.com/oauth2-proxy/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2
https://github.com/oauth2-proxy/oauth2_proxy/releases/tag/v5.0.0
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv
https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2
https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0
https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo