Lucene search

Gentoo FoundationMGASA-2024-0081

HistoryMar 22, 2024 - 3:19 a.m.

Updated apache-mod_auth_openidc packages fix security vulnerability

2024-03-2203:19:51

Gentoo Foundation

advisories.mageia.org

apache

openidc

input validation

security vulnerability

dos attack

cve-2024-24814

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to DoS attack. (CVE-2024-24814)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchapache-mod_auth_openidc< 2.4.13.2-1.1apache-mod_auth_openidc-2.4.13.2-1.1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	apache-mod_auth_openidc	< 2.4.13.2-1.1	apache-mod_auth_openidc-2.4.13.2-1.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32928

github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv

lists.fedoraproject.org/archives/list/[email protected]/message/T7DKVEVREYAI4F46CQAVOTPL75WLOZOE/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for MGASA-2024-0081