Tag: oauth2-proxy

All the articles with the tag "oauth2-proxy".

[CVE-2025-54576] OAuth2-Proxy skip_auth_routes Lets Attackers Walk Straight Past the Login Screen

30 Jul, 2025

A design flaw in OAuth2-Proxy versions up to 7.10.0 means the skip_auth_routes option is applied to the full URL, not just the path. By adding crafty query parameters an attacker can bypass authentication completely.

[CVE-2025-54576] OAuth2-Proxy skip_auth_routes Lets Attackers Walk Straight Past the Login Screen