rpm package
opensuse/apache2-mod_auth_openidc&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/apache2-mod_auth_openidc&distro=openSUSE%20Leap%2015.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32792 | Low | 3.1 | < 2.3.8-3.15.1 | 2.3.8-3.15.1 | Jul 26, 2021 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us | |
| CVE-2021-32791 | Med | 5.9 | < 2.3.8-3.15.1 | 2.3.8-3.15.1 | Jul 26, 2021 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openi | |
| CVE-2021-32786 | Med | 4.7 | < 2.3.8-3.15.1 | 2.3.8-3.15.1 | Jul 22, 2021 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the | |
| CVE-2021-32785 | Med | 5.3 | < 2.3.8-3.15.1 | 2.3.8-3.15.1 | Jul 22, 2021 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted |
- affected < 2.3.8-3.15.1fixed 2.3.8-3.15.1
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us
- affected < 2.3.8-3.15.1fixed 2.3.8-3.15.1
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openi
- affected < 2.3.8-3.15.1fixed 2.3.8-3.15.1
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the
- affected < 2.3.8-3.15.1fixed 2.3.8-3.15.1
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted