GHSA-X3F4-V83F-7WP2: Unvalidated Redirect Leading to Token Leakage in Authorizer
Vulnerability ID: GHSA-X3F4-V83F-7WP2
CVSS Score: 9.8
Published: 2026-04-06
Authorizer versions prior to 2.0.1 suffer from unvalidated redirect vulnerabilities across multiple GraphQL and HTTP endpoints. This flaw permits attackers to craft malicious URLs that, when interacted with by authenticated or verifying users, exfiltrate sensitive authentication tokens including full OAuth2 session bundles. The root cause is the omission of the validators.IsValidOrigin check in specific handler routines.
TL;DR
A missing origin validation check in Authorizer < 2.0.1 allows unvalidated redirects that leak OAuth tokens and password reset links to attacker-controlled domains, enabling full account takeover.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-601
- Attack Vector: Network
- CVSS Score: 9.8
- Impact: Account Takeover / Token Exfiltration
- Exploit Status: Proof of Concept
- Authentication Required: None
Affected Systems
- Authorizer versions < 2.0.1
- authorizer: < 2.0.1 (Fixed in: 2.0.1)
Code Analysis
Commit: 6d9bef1
Fix: origin validation implemented across multiple endpoints and regex improved
Mitigation Strategies
- Upgrade Authorizer to version 2.0.1 or later
- Eliminate wildcard entries in the AllowedOrigins configuration
- Enforce explicit domain and port matching for all allowed redirects
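As an added example (not the project's own validators.IsValidOrigin and not code from the advisory), the following Go program shows the strict redirect-origin check the mitigation items above describe: the allowlist is loaded from a comma-separated value in the shape of ALLOWED_ORIGINS, wildcard entries are rejected at load time, and a candidate redirect URL is accepted only if its scheme, host and port exactly match one allowlisted origin. The function names, the sample allowlist and the sample URLs are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// originKey reduces a parsed URL to "scheme://host:port" with the port made
// explicit, so that "https://app.example.com" and "https://app.example.com:443"
// compare equal and nothing else does.
func originKey(u *url.URL) (string, error) {
	if u.Scheme != "http" && u.Scheme != "https" {
		return "", fmt.Errorf("scheme %q is not http or https", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return "", fmt.Errorf("missing host")
	}
	port := u.Port()
	if port == "" {
		if u.Scheme == "https" {
			port = "443"
		} else {
			port = "80"
		}
	}
	return fmt.Sprintf("%s://%s:%s", u.Scheme, host, port), nil
}

// LoadAllowedOrigins parses a comma-separated allowlist (the shape of the
// ALLOWED_ORIGINS setting). It refuses wildcards and entries that carry
// userinfo, a path, a query or a fragment, because an origin is only
// scheme + host + port.
func LoadAllowedOrigins(raw string) (map[string]bool, error) {
	allowed := make(map[string]bool)
	for _, entry := range strings.Split(raw, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}
		if strings.Contains(entry, "*") {
			return nil, fmt.Errorf("wildcard origin %q is not allowed", entry)
		}
		u, err := url.Parse(entry)
		if err != nil {
			return nil, err
		}
		if u.User != nil || (u.Path != "" && u.Path != "/") || u.RawQuery != "" || u.Fragment != "" {
			return nil, fmt.Errorf("origin %q must not carry userinfo, path, query or fragment", entry)
		}
		key, err := originKey(u)
		if err != nil {
			return nil, fmt.Errorf("origin %q: %w", entry, err)
		}
		allowed[key] = true
	}
	return allowed, nil
}

// IsAllowedRedirect reports whether redirectURL is an absolute http(s) URL
// whose origin is in the allowlist. Relative URLs, URLs with userinfo
// ("https://app.example.com@evil.example/") and host suffix tricks
// ("app.example.com.evil.example") all fail because only an exact
// scheme/host/port match is accepted; no regex is involved.
func IsAllowedRedirect(redirectURL string, allowed map[string]bool) bool {
	u, err := url.Parse(strings.TrimSpace(redirectURL))
	if err != nil || !u.IsAbs() || u.User != nil {
		return false
	}
	key, err := originKey(u)
	if err != nil {
		return false
	}
	return allowed[key]
}

func main() {
	// Constructed sample allowlist; real deployments read ALLOWED_ORIGINS.
	allowed, err := LoadAllowedOrigins("https://app.example.com, http://localhost:3000")
	if err != nil {
		panic(err)
	}
	for _, candidate := range []string{
		"https://app.example.com/callback?code=abc",
		"https://app.example.com.evil.example/callback",
		"https://app.example.com@evil.example/callback",
		"//evil.example/callback",
	} {
		fmt.Printf("%-50s allowed=%v\n", candidate, IsAllowedRedirect(candidate, allowed))
	}
	// A wildcard entry is refused at startup rather than silently widening the allowlist.
	if _, err := LoadAllowedOrigins("https://*.example.com"); err != nil {
		fmt.Println("config rejected:", err)
	}
}
```

The check deliberately rejects relative redirect targets as well as absolute ones to foreign origins; if an application needs same-site relative redirects, they should be resolved against the application's own origin first and then passed through the same exact-match test rather than special-cased.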
Remediation Steps:
- Identify the current running version of Authorizer.
- Pull the v2.0.1 container image or download the updated binary.
- Review the ALLOWED_ORIGINS environment variable to ensure it only contains trusted values.
- Deploy the updated application and restart the service.
- If historical exploitation is suspected, rotate active tokens and force user re-authentication.
References
- GitHub Security Advisory GHSA-x3f4-v83f-7wp2
- Fix Commit 6d9bef1aaba3f867f8c769b93eb7fc80e4e7b0a2
- Pull Request 502
- Authorizer v2.0.1 Release Notes