CVE-2020-15234

Severity: Medium (CVSS 3.1 base score 4.8)
EPSS: 53.1%
Published: Oct 2, 2020
Last Modified: Jun 17, 2026

Description

ORY Fosite is a security-first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 client's registered redirect URLs and the redirect URL supplied at the OAuth2 Authorization Endpoint were compared after applying strings.ToLower to both, when they should have been compared with a simple, exact string match. This allows an attacker to register a client with the allowed redirect URL https://example.com/callback and then perform an OAuth2 flow requesting the redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request, for example). This vulnerability has been patched in ORY Fosite v0.34.1.
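The two comparison strategies the description contrasts, as an added illustration that is not Fosite's own code: a matcher that lowercases both sides (the pre-0.34.1 behaviour) accepts a path that differs only in case, while an exact string match rejects it. The registered redirect URL and the requested variants are constructed sample values.

```go
package main

import (
	"fmt"
	"strings"
)

// Redirect URLs registered for a hypothetical OAuth2 client (constructed sample data).
var registeredRedirects = []string{"https://example.com/callback"}

// matchRedirectLowercase reproduces the flawed check: both URLs are lowercased
// before comparison, so a path that differs only in case is treated as registered.
// URL paths are case-sensitive, so this widens the set of accepted redirect targets.
func matchRedirectLowercase(registered []string, requested string) bool {
	for _, r := range registered {
		if strings.ToLower(r) == strings.ToLower(requested) {
			return true
		}
	}
	return false
}

// matchRedirectExact is the corrected check: a plain string comparison, so any
// byte-level difference between the registered and requested URL is rejected.
func matchRedirectExact(registered []string, requested string) bool {
	for _, r := range registered {
		if r == requested {
			return true
		}
	}
	return false
}

func main() {
	for _, req := range []string{
		"https://example.com/callback", // registered value, accepted by both
		"https://example.com/CALLBACK", // case variant from the advisory
	} {
		fmt.Printf("%-30s lowercase=%-5v exact=%v\n", req,
			matchRedirectLowercase(registeredRedirects, req),
			matchRedirectExact(registeredRedirects, req))
	}
}
```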

CVSS Details

Base Score
4.8
Exploitability
1.7
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
53.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 3

CWE-178 Improper Handling of Case Sensitivity
CWE-20 Improper Input Validation
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Affected Products 1

Vendor   Product   Version   Range
ory      fosite    *         <0.34.1

References 2

  • github.com https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf
    Patch, Third Party Advisory
  • github.com https://github.com/ory/fosite/security/advisories/GHSA-grfp-q2mm-hfp6
    Third Party Advisory

Remediation

  • github.com https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf
    Patch, Third Party Advisory