rpm package
suse/apache2-mod_auth_openidc&distro=SUSE OpenStack Cloud Crowbar 9
pkg:rpm/suse/apache2-mod_auth_openidc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28625 | Hig | 7.5 | < 2.4.0-7.9.1 | 2.4.0-7.9.1 | Apr 3, 2023 | mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereferen | |
| CVE-2022-23527 | Med | 4.7 | < 2.4.0-7.9.1 | 2.4.0-7.9.1 | Dec 14, 2022 | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() do | |
| CVE-2021-20718 | Hig | 7.5 | < 2.4.0-3.14.1 | 2.4.0-3.14.1 | May 20, 2021 | mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. |
- affected < 2.4.0-7.9.1fixed 2.4.0-7.9.1
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereferen
- affected < 2.4.0-7.9.1fixed 2.4.0-7.9.1
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() do
- affected < 2.4.0-3.14.1fixed 2.4.0-3.14.1
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.