5 matches found
MiracleLinux 7 : mod_auth_openidc-1.8.8-5.el7 (AXSA:2019-4244:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4244:01 advisory. mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an AuthType oauth20 configuration (CVE-2017-6413); mod_auth_openidc: Shows user-supplied...
CVE-2024-52553
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login...
CVE-2025-27370
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...
The vulnerability of the implementations of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon allows attackers to circumvent security restrictions and gain access to user accounts.
The vulnerability of the implementation of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon is related to deficiencies in the authentication process due to changes in the email address during login to the system. Exploiting thi...
The vulnerability of the OpenId Connect service’s framework for Apache CXF allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the OpenId Connect service for Apache CXF web services is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...