26 matches found
CLSA-2025-1753800294 mod_auth_openidc: Fix of CVE-2022-23527
CVE-2022-23527: fix open redirect vulnerability caused by improper URL validation...
TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2023:0283)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0283 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Fedora 37 : mod_auth_openidc (2022-e139408490)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e139408490 advisory. CVE-2022-23527 modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character Tenable has extracted the preceding description block...
Fedora 38 : mod_auth_openidc (2022-105be2997e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-105be2997e advisory. Automatic update for modauthopenidc-2.4.12.2-1.fc38. Changelog Fri Dec 16 2022 Tomas Halman - 2.4.12.2-1 Rebase to 2.4.12.2 version - Resolves: rhbz2153658 -...
Fedora: Security Advisory (FEDORA-2023-02c84fe305)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 9 : mod_auth_openidc-2.4.9.4-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the modauthopenidc-2.4.9.4-2.el9 build changelog. - open redirect by supplying a crafted URL in the targetlinkuri parameter CVE-2021-39191 - modauthopenidc is an OpenID Certified...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-6940)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6940 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308...
mod_auth_openidc:2.3 security and bug fix update
cjose 0.6.1-4 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc 2.4.9.4-5 Related: rhbz2141850 - fix cjose version dependency 2.4.9.4-4 Resolves: rhbz2141850 - authopenidc.conf mode 0640 by...
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:6940)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6940 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
ALSA-2023:6940 Moderate: mod_auth_openidc:2.3 security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
Moderate: mod_auth_openidc:2.3 security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
Fedora 39 : mod_auth_openidc (2023-02c84fe305)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-02c84fe305 advisory. Automatic update for modauthopenidc-2.4.12.3-2.fc39. Changelog Tue Mar 7 2023 Tomas Halman - 2.4.12.3-2 migrated to SPDX license Tue Feb 28 2023 Tom...
RHEL 9 : mod_auth_openidc (RHSA-2023:6365)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6365 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
ALSA-2023:6365 Moderate: mod_auth_openidc security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
Moderate: mod_auth_openidc security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
Debian dla-3499 : libapache2-mod-auth-openidc - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3499 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3499-1 [email protected]...
Debian: Security Advisory (DLA-3499-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:1837-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2023:0215-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0215-1 advisory. - CVE-2022-23527: Fixed open redirect in oidcvalidateredirecturl using tab character bsc1206441. - CVE-2021-39191:...
SUSE: Security Advisory (SUSE-SU-2023:0215-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...