Horizon Alert
Summary of the vulnerability and why it matters
An authentication bypass in OAuth2 Proxy lets an unauthenticated attacker reach resources the proxy is meant to protect. It affects deployments that run the proxy in the auth_request style, where a reverse proxy such as nginx asks OAuth2 Proxy whether each request is authenticated, and that also enable one of the health-check options --ping-user-agent or --gcp-healthchecks.
- Unauthenticated access to sensitive data.
- Impacts internet-facing applications.
- Exploits specific proxy configurations.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker sends a request for a protected path that is crafted so OAuth2 Proxy treats it as a health check. When the proxy runs in the auth_request style with --ping-user-agent or --gcp-healthchecks enabled, the health-check handling answers the reverse proxy's authentication subrequest with a success status instead of a denial, and the reverse proxy takes that success as proof of authentication and forwards the request to the protected upstream. No credentials or session are needed; the only preconditions are the integration mode and the health-check settings.
- Remote unauthenticated access.
- Abuses the proxy's health-check handling.
- Requires specific proxy settings.
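The flow described above, as an added example that is not code from OAuth2 Proxy or from this alert. It models a reverse proxy's auth_request subrequest against a pre-fix and a hardened handler chain, under the mechanism implied by the flags named in this alert: a health-check handler that matches on the User-Agent header (the --ping-user-agent value, or the GCP health checker agent when --gcp-healthchecks is on) answers 200 before the session check, and the reverse proxy accepts any 2xx from the subrequest. The user-agent strings, cookie name, session store and the shape of the hardened handler are assumptions of the model, not the upstream patch.

```python
"""Simplified model of an auth_request integration in front of OAuth2 Proxy.

Added example, not code from OAuth2 Proxy or from this alert. The user-agent
strings, cookie name, session store and the shape of the fix are assumptions.
"""
from dataclasses import dataclass, field

PING_USER_AGENT = "lb-healthcheck/1.0"  # assumed value passed to --ping-user-agent
GCP_UA_PREFIX = "GoogleHC/"             # assumed prefix of the GCP health checker agent
AUTH_PATH = "/oauth2/auth"              # endpoint the reverse proxy asks via auth_request
SESSION_COOKIE = "_oauth2_proxy"        # assumed session cookie name
VALID_SESSIONS = {"sess-valid-1"}       # constructed session store


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def is_health_check_ua(req: Request, gcp_enabled: bool) -> bool:
    ua = req.headers.get("User-Agent", "")
    return ua == PING_USER_AGENT or (gcp_enabled and ua.startswith(GCP_UA_PREFIX))


def session_check(req: Request) -> int:
    """Auth endpoint: 202 Accepted with a valid session, otherwise 401."""
    return 202 if req.cookies.get(SESSION_COOKIE) in VALID_SESSIONS else 401


def vulnerable_proxy(req: Request, gcp_enabled: bool = True) -> int:
    """Pre-fix ordering: the health-check match runs for every request,
    including the auth subrequest, and short-circuits with 200."""
    if is_health_check_ua(req, gcp_enabled):
        return 200
    return session_check(req)


def hardened_proxy(req: Request, gcp_enabled: bool = True) -> int:
    """One possible fix (modelled here, not the upstream change): the
    user-agent based health check is never honoured on the auth endpoint."""
    if req.path != AUTH_PATH and is_health_check_ua(req, gcp_enabled):
        return 200
    return session_check(req)


def reverse_proxy_allows(client_req: Request, proxy) -> bool:
    """nginx-style auth_request: copy the client's headers and cookies onto a
    subrequest to AUTH_PATH; any 2xx grants access, 401/403 denies it."""
    sub = Request(AUTH_PATH, dict(client_req.headers), dict(client_req.cookies))
    return 200 <= proxy(sub) < 300


# Constructed requests, not captured traffic.
ATTACKER = Request("/admin", headers={"User-Agent": PING_USER_AGENT})   # no session
GCP_SPOOF = Request("/admin", headers={"User-Agent": "GoogleHC/1.0"})   # no session
LEGIT_USER = Request("/admin", headers={"User-Agent": "Mozilla/5.0"},
                     cookies={SESSION_COOKIE: "sess-valid-1"})
ANON_USER = Request("/admin", headers={"User-Agent": "Mozilla/5.0"})

if __name__ == "__main__":
    for name, req in [("attacker", ATTACKER), ("gcp spoof", GCP_SPOOF),
                      ("legit user", LEGIT_USER), ("anonymous", ANON_USER)]:
        print(f"{name:11} vulnerable={reverse_proxy_allows(req, vulnerable_proxy)} "
              f"hardened={reverse_proxy_allows(req, hardened_proxy)}")
```

The point the model makes is the status-code semantics: auth_request only distinguishes 2xx from 401/403, so a 200 meant for a health checker is indistinguishable from a 202 meant for an authenticated session. The gcp_enabled switch shows why the bypass needs the specific settings: with --gcp-healthchecks off, the spoofed GoogleHC/ agent falls through to the session check and is denied.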
Live Threat
Current exploitation, exposure, and threat context
In affected configurations an unauthenticated remote attacker can bypass authentication and reach protected upstream resources. Deployments are attractive targets because the precondition is easy to identify from the outside: an auth_request integration with --ping-user-agent or --gcp-healthchecks enabled, typically placed in front of internet-facing applications, and a successful bypass grants direct access to those applications.
- Authentication bypass potential
- Affects specific configurations
- Recently patched
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Upgrade OAuth2 Proxy to version 7.15.2 or later on every deployment that uses the `auth_request` style integration with `--ping-user-agent` or `--gcp-healthchecks` enabled, and confirm the running version after the rollout. If you cannot patch immediately, restrict network access so that only the reverse proxy and your health checkers can reach the proxy instances. Because the bypass depends on those health-check options, disabling them (and pointing health checkers at the ping path instead, where your checker supports that) also removes the precondition until the upgrade is done.
- Update to version 7.15.2 or later.
- Restrict network access to the proxy.
- Monitor proxy logs for health-check style requests to the authentication endpoint or protected paths.
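A log sweep for the monitoring step above, added here as an example and not taken from this alert or from the OAuth2 Proxy project. It flags request-log records where a health-check user agent appears on a non-health path, where the auth endpoint returned 200 (a genuine authenticated auth_request answer is 202 and a denial is 401, so 200 means the health-check handler produced the response), and, as a weaker signal, where a health-check agent arrives from outside the checker's address range. Labelled assumptions: the constructed key=value log layout (adapt LINE_RE to your --request-logging-format and keep ping requests unsilenced in the log), the /oauth2/auth endpoint, the placeholder --ping-user-agent value, GCP agent prefix and checker range.

```python
"""Sweep OAuth2 Proxy request-log lines for signs of the health-check bypass.

Added example, not from this alert or from the OAuth2 Proxy project. Log layout,
user-agent values, health paths and the checker address range are assumptions.
"""
import ipaddress
import re

PING_USER_AGENT = "lb-healthcheck/1.0"     # assumed --ping-user-agent value
GCP_UA_PREFIX = "GoogleHC/"                # assumed GCP health checker agent prefix
AUTH_PATH = "/oauth2/auth"                 # auth_request endpoint
HEALTH_PATHS = {"/ping", "/liveness_check", "/readiness_check"}  # assumed health paths
HEALTH_CHECKER_NETS = [ipaddress.ip_network("10.0.0.0/8")]      # assumed checker range

# Constructed layout; real deployments must adapt this to --request-logging-format.
LINE_RE = re.compile(
    r'client=(?P<client>\S+) path=(?P<path>\S+) status=(?P<status>\d{3}) ua="(?P<ua>[^"]*)"'
)


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for lines the regex rejects."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_health_check_ua(ua: str) -> bool:
    return ua == PING_USER_AGENT or ua.startswith(GCP_UA_PREFIX)


def from_health_checker(client: str) -> bool:
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in HEALTH_CHECKER_NETS)


def classify(rec: dict) -> list:
    """Reasons a record looks like the bypass; an empty list means benign."""
    reasons = []
    health_ua = is_health_check_ua(rec["ua"])
    if health_ua and rec["path"] not in HEALTH_PATHS:
        reasons.append("health-check user agent on a non-health path")
    if rec["path"] == AUTH_PATH and rec["status"] == 200:
        # A real authenticated auth_request answer is 202 and a denial is 401;
        # 200 here means the health-check handler, not the session check, answered.
        reasons.append("200 from auth endpoint (expected 202 or 401)")
    if health_ua and not from_health_checker(rec["client"]):
        # Weak on its own: behind nginx the client field may hold nginx's own
        # address unless the forwarded client IP is what gets logged.
        reasons.append("health-check user agent from outside checker range")
    return reasons


def sweep(lines):
    """Return (record, reasons) for every parseable line with at least one reason."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            hits.append((rec, reasons))
    return hits


# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
client=10.0.0.5 path=/ping status=200 ua="lb-healthcheck/1.0"
client=10.0.0.6 path=/liveness_check status=200 ua="GoogleHC/1.0"
client=198.51.100.23 path=/oauth2/auth status=202 ua="Mozilla/5.0"
client=198.51.100.23 path=/oauth2/auth status=401 ua="Mozilla/5.0"
client=203.0.113.7 path=/oauth2/auth status=200 ua="lb-healthcheck/1.0"
client=203.0.113.7 path=/oauth2/auth status=200 ua="GoogleHC/1.0"
garbage line that does not parse
"""

if __name__ == "__main__":
    for rec, reasons in sweep(SAMPLE_LOG.splitlines()):
        print(rec["client"], rec["path"], rec["status"], rec["ua"], "->", "; ".join(reasons))
```

Run it over a day of logs from before the upgrade as well as after: the 200-from-auth-endpoint signal is the one that does not depend on knowing the attacker's source address, and any hit on it from the vulnerable period warrants checking the upstream application's own access logs for what the forwarded request did.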