Количество 31
Количество 31
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
CVE-2021-39191
URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apa ...
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
CVE-2021-32792
XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apa ...
BDU:2022-01785
Уязвимость модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю оказать воздействие на целостность данных
SUSE-SU-2023:0215-1
Security update for apache2-mod_auth_openidc
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | CVSS3: 6.1 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-39191 URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc | CVSS3: 6.1 | 0% Низкий | около 4 лет назад |
| CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apa ... | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-32792 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
| CVE-2021-32792 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. | CVSS3: 6.1 | 0% Низкий | больше 4 лет назад |
| CVE-2021-32792 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
| CVE-2021-32792 XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc | CVSS3: 6.1 | 0% Низкий | около 4 лет назад |
| CVE-2021-32792 mod_auth_openidc is an authentication/authorization module for the Apa ... | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
 | BDU:2022-01785 Уязвимость модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 6.1 | 0% Низкий | больше 4 лет назад |
 | SUSE-SU-2023:0215-1 Security update for apache2-mod_auth_openidc | около 3 лет назад |
Уязвимостей на страницу