VYPR

rpm package

suse/apache2-mod_auth_openidc&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/apache2-mod_auth_openidc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (10)

  • CVE-2024-24814HigFeb 13, 2024
    affected < 2.4.0-7.12.2fixed 2.4.0-7.12.2

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the

  • CVE-2023-28625HigApr 3, 2023
    affected < 2.4.0-7.9.1fixed 2.4.0-7.9.1

    mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereferen

  • CVE-2022-23527MedDec 14, 2022
    affected < 2.4.0-7.9.1fixed 2.4.0-7.9.1

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() do

  • CVE-2021-39191MedSep 3, 2021
    affected < 2.4.0-3.23.1fixed 2.4.0-3.23.1

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_ope

  • CVE-2021-32792LowJul 26, 2021
    affected < 2.4.0-3.23.1fixed 2.4.0-3.23.1

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us

  • CVE-2021-32791MedJul 26, 2021
    affected < 2.4.0-3.23.1fixed 2.4.0-3.23.1

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openi

  • CVE-2021-32786MedJul 22, 2021
    affected < 2.4.0-3.23.1fixed 2.4.0-3.23.1

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the

  • CVE-2021-32785MedJul 22, 2021
    affected < 2.4.0-3.23.1fixed 2.4.0-3.23.1

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted

  • CVE-2021-20718HigMay 20, 2021
    affected < 2.4.0-3.14.1fixed 2.4.0-3.14.1

    mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

  • CVE-2019-20479MedFeb 20, 2020
    affected < 2.4.0-3.11.1fixed 2.4.0-3.11.1

    A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.