CVE-2017-1000070

MEDIUM

Bitly oauth2_proxy <2.1 - Open Redirect

Title source: llm

Description

The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819

References (2)

[Patch, Third Party Advisory] https://github.com/bitly/oauth2_proxy/pull/359

[Technical Description] https://tools.ietf.org/html/rfc6819#section-5.2.3.5

Scores

CVSS v3 6.1

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (3)

oauth2_proxy_project/oauth2_proxy < 2.1

bitly/oauth2_proxy < 2.2.0Go

n/a/n/a

Published Jul 17, 2017

Tracked Since Feb 18, 2026