16 matches found
Amazon Linux AMI : mod24_auth_mellon (ALAS-2023-1765)
The version of mod24authmellon installed on the remote host is prior to 0.14.0-2.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1765 advisory. A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attack...
Medium: mod24_auth_mellon
Issue Overview: A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. T...
Amazon Linux 2 : mod_auth_mellon (ALAS-2023-2077)
The version of modauthmellon installed on the remote host is prior to 0.14.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2077 advisory. A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker t...
User may be redirected to On-premises AAA Logout Page after Logging off Citrix Cloud
When you deploy an on-premises Citrix GatewayNetScaler Gateway as the OAuth IDP for Citrix Cloud. User may be redirected toon-premises IDP logout page/vpn/tmlogout.html instead of Citrix Cloud login page after logging out Citrix Cloud. For example, you have the following URLs: Citrix Cloud URL:...
AZL-36962 CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
Design/Logic Flaw
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
mod_auth_mellon security update
0.14.0-12.1 - Resolves: rhbz1986805 - CVE-2021-3639 modauthmellon: Open Redirect vulnerability in logout URLs rhel-8...
EulerOS 2.0 SP8 : mod_auth_mellon (EulerOS-SA-2022-1354)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2021-2597)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : mod_auth_mellon (EulerOS-SA-2021-2511)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...
Ubuntu 21.04 : mod-auth-mellon vulnerability (USN-5069-2)
The remote Ubuntu 21.04 host has a package installed that is affected by a vulnerability as referenced in the USN-5069-2 advisory. USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. Tenable has extracted the preceding description...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...