41 matches found
MiracleLinux 7 : mod_auth_openidc-1.8.8-7.el7 (AXSA:2020-741:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-741:01 advisory. modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 modauthopenidc: Open redirect issue exists in URLs wi...
Alibaba Cloud Linux 3 : 0052: mod_auth_openidc:2.3 (ALINUX3-SA-2022:0052)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0052 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-14857: A flaw was found in...
Advisory ROSA-SA-2024-2362
Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...
Debian: Security Advisory (DLA-3409-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3409 : libapache2-mod-auth-openidc - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3409 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3409-1 [email protected]...
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3409-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...
SUSE CVE-2019-20479
A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning...
Mageia: Security Advisory (MGASA-2020-0129)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0705-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2021-0039)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning...
Amazon Linux AMI : mod24_auth_openidc (ALAS-2020-1448)
The version of mod24authopenidc installed on the remote host is prior to 1.8.8-7.6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1448 advisory. An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not...
Medium: mod24_auth_openidc
Issue Overview: An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web sit...
Amazon Linux 2 : mod_auth_openidc (ALAS-2020-1538)
The version of modauthopenidc installed on the remote host is prior to 1.8.8-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1538 advisory. An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not...
Low: mod_auth_openidc
Issue Overview: An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web sit...
Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20201001)
Security Fixes : - modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 - modauthopenidc: Open redirect issue exists in URLs with slash and backslash CVE-2019-20479 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...
Oracle Linux 7 : mod_auth_openidc (ELSA-2020-3970)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3970 advisory. - Related: rhbz1805748 - CVE-2019-20479 modauthopenidc: open redirect issue exists in URLs with slash and backslash rhel-7 - Resolves: rhbz1805748 -...
mod_auth_openidc security update
1.8.8-7 - Fix a regression in the previous patches - Related: rhbz1805748 - CVE-2019-20479 modauthopenidc: open redirect issue exists in URLs with slash and backslash rhel-7 1.8.8-6 - Resolves: rhbz1805748 - CVE-2019-20479 modauthopenidc: open redirect issue exists in URLs with slash and backslas...
Low: Red Hat Security Advisory: mod_auth_openidc security update
An update for modauthopenidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : mod_auth_openidc (RHSA-2020:3970)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3970 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2020-3032)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3032 advisory. - Related: rhbz1820666 - CVE-2019-14857 modauthopenidc:2.3/modauthopenidc: Open redirect in logout url when using URLs with leading slashes rhel-8.2.0....