VYPR

mod_auth_openidc

by Mod Auth Openidc

CVEs (7)

  • CVE-2019-20479 · Med · Feb 20, 2020
    risk 0.33 · cvss 6.1 · epss 0.02

    A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

  • CVE-2022-23527 · Med · Dec 14, 2022
    risk 0.31 · cvss 4.7 · epss 0.01

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url()…

  • CVE-2021-39191 · Med · Sep 3, 2021
    risk 0.00 · cvss 4.7 · epss 0.02

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of…

  • CVE-2021-32792 · Low · Jul 26, 2021
    risk 0.00 · cvss 3.1 · epss 0.02

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when…

  • CVE-2021-32791 · Med · Jul 26, 2021
    risk 0.00 · cvss 5.9 · epss 0.01

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in…

  • CVE-2021-32786 · Med · Jul 22, 2021
    risk 0.00 · cvss 4.7 · epss 0.02

    mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs…

  • CVE-2019-14857 · Med · Nov 26, 2019
    risk 0.00 · cvss 6.1 · epss 0.02

    A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.