Count: 10
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-23527 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. | CVSS3: 4.7 | 0% Low | about 3 years ago |
| CVE-2022-23527 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. | CVSS3: 6.1 | 0% Low | about 3 years ago |
| CVE-2022-23527 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. | CVSS3: 4.7 | 0% Low | about 3 years ago |
| CVE-2022-23527 Open Redirect in oidc_validate_redirect_url() | CVSS3: 6.1 | 0% Low | about 3 years ago |
| CVE-2022-23527 mod_auth_openidc is an OpenID Certified™ authentication and autho ... | CVSS3: 4.7 | 0% Low | about 3 years ago |
| SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc | | | almost 3 years ago |
| SUSE-SU-2023:0215-1 Security update for apache2-mod_auth_openidc | | | almost 3 years ago |
| ELSA-2023-6940 ELSA-2023-6940: mod_auth_openidc:2.3 security and bug fix update (MODERATE) | | | about 2 years ago |
| ELSA-2023-6365 ELSA-2023-6365: mod_auth_openidc security and bug fix update (MODERATE) | | | about 2 years ago |
| SUSE-SU-2025:4532-1 Security update for apache2-mod_auth_openidc | | | 20 days ago |