36 matches found
MiracleLinux 7 : mod_auth_openidc-1.8.8-7.el7 (AXSA:2020-741:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-741:01 advisory. modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 modauthopenidc: Open redirect issue exists in URLs wi...
Alibaba Cloud Linux 3 : 0052: mod_auth_openidc:2.3 (ALINUX3-SA-2022:0052)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0052 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-14857: A flaw was found in...
Advisory ROSA-SA-2024-2362
Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...
SUSE: Security Advisory (SUSE-SU-2019:2934-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2021-0039)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning...
Amazon Linux AMI : mod24_auth_openidc (ALAS-2020-1448)
The version of mod24authopenidc installed on the remote host is prior to 1.8.8-7.6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1448 advisory. An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not...
Medium: mod24_auth_openidc
Issue Overview: An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web sit...
Amazon Linux 2 : mod_auth_openidc (ALAS-2020-1538)
The version of modauthopenidc installed on the remote host is prior to 1.8.8-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1538 advisory. An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not...
Low: mod_auth_openidc
Issue Overview: An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web sit...
Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20201001)
Security Fixes : - modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 - modauthopenidc: Open redirect issue exists in URLs with slash and backslash CVE-2019-20479 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...
Oracle Linux 7 : mod_auth_openidc (ELSA-2020-3970)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3970 advisory. - Related: rhbz1805748 - CVE-2019-20479 modauthopenidc: open redirect issue exists in URLs with slash and backslash rhel-7 - Resolves: rhbz1805748 -...
mod_auth_openidc security update
1.8.8-7 - Fix a regression in the previous patches - Related: rhbz1805748 - CVE-2019-20479 modauthopenidc: open redirect issue exists in URLs with slash and backslash rhel-7 1.8.8-6 - Resolves: rhbz1805748 - CVE-2019-20479 modauthopenidc: open redirect issue exists in URLs with slash and backslas...
Low: Red Hat Security Advisory: mod_auth_openidc security update
An update for modauthopenidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : mod_auth_openidc (RHSA-2020:3970)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3970 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2020-3032)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3032 advisory. - Related: rhbz1820666 - CVE-2019-14857 modauthopenidc:2.3/modauthopenidc: Open redirect in logout url when using URLs with leading slashes rhel-8.2.0....
Debian: Security Advisory (DLA-2298-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2298-1 : libapache2-mod-auth-openidc security update
Several issues have been found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. CVE-2019-14857 Insufficient validation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID...
mod_auth_openidc:2.3 security and bug fix update
cjose 0.6.1-2 - fix concatkdf big endian architecture problem. Upstream issue 77. 0.6.1-1 - upgrade to latest upstream 0.6.1 0.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora29MassRebuild 0.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 0.5.1-1 - Initial packagin...
Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security and bug fix update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: mod_auth_openidc:2.3 security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open redirect in logout url when using URLs with leading slashes...