Количество 10
Количество 10
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
CVE-2021-39191
URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apa ...
SUSE-SU-2023:0215-1
Security update for apache2-mod_auth_openidc
RLSA-2022:1823
Moderate: mod_auth_openidc:2.3 security update
ELSA-2022-1823
ELSA-2022-1823: mod_auth_openidc:2.3 security update (MODERATE)
SUSE-SU-2021:3352-1
Security update for apache2-mod_auth_openidc
SUSE-SU-2025:4532-1
Security update for apache2-mod_auth_openidc
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | CVSS3: 6.1 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-39191 URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc | CVSS3: 6.1 | 0% Низкий | около 4 лет назад |
| CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apa ... | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
 | SUSE-SU-2023:0215-1 Security update for apache2-mod_auth_openidc | около 3 лет назад | ||
 | RLSA-2022:1823 Moderate: mod_auth_openidc:2.3 security update | больше 3 лет назад | ||
| ELSA-2022-1823 ELSA-2022-1823: mod_auth_openidc:2.3 security update (MODERATE) | больше 3 лет назад | ||
| SUSE-SU-2021:3352-1 Security update for apache2-mod_auth_openidc | больше 4 лет назад | ||
| SUSE-SU-2025:4532-1 Security update for apache2-mod_auth_openidc | около 1 месяца назад |
Уязвимостей на страницу