    fix(oauth2-proxy): Fix insecure configuration due to use of trusted-ip config · a500e1ca
    Sheogorath authored
    The usage of the trusted-ip config resulted in a security incident that
    allowed access to any oauth2-proxy protected endpoint without requiring
    authentication.
    
    Thankfully all significant endpoints had been protected by additional
    measures such as network restrictions and are therefore not affected.
    Only the prometheus and alertmanager endpoints have been exposed to the
    public internet, but are not exposing sensitive data beyond metrics.
    
    A check of the relevant logs didn't provide any indication of
    compromise.