VYPR

rpm package

opensuse/apache2-mod_auth_openidc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/apache2-mod_auth_openidc&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2025-31492HigApr 6, 2025
    affected < 2.4.16.11-1.1fixed 2.4.16.11-1.1

    mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthentic

  • CVE-2024-24814Feb 13, 2024
    affected < 2.4.15.3-1.1fixed 2.4.15.3-1.1

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the

  • CVE-2022-23527MedDec 14, 2022
    affected < 2.4.12.2-1.1fixed 2.4.12.2-1.1

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() do

  • CVE-2021-32786MedJul 22, 2021
    affected < 2.4.9.4-1.2fixed 2.4.9.4-1.2

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the

  • CVE-2021-32785MedJul 22, 2021
    affected < 2.4.9.4-1.2fixed 2.4.9.4-1.2

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted

  • CVE-2019-14857MedNov 26, 2019
    affected < 2.4.9.4-1.2fixed 2.4.9.4-1.2

    A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.