VYPR
Medium severity4.7NVD Advisory· Published Sep 3, 2021· Updated Jun 17, 2026

CVE-2021-39191

CVE-2021-39191

Description

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the target_link_uri parameter. A patch in version 2.4.9.4 made it so that the OIDCRedirectURLsAllowed setting must be applied to the target_link_uri parameter. There are no known workarounds aside from upgrading to a patched version.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.