12 matches found
MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2023-6296:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6296:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464). Tenable has extracted the preceding...
SUSE-SU-2025:4532-1 Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues: - Update to 2.4.17.1 bsc1248806 / PED-14130. - Remove many patches, as they've been merged upstream...
PT-2025-18145 · Apache +6 · Apache Http Server +6
Name of the Vulnerable Software and Affected Versions: Apache httpd mod_auth_openidc module (affected versions not specified). Description: A flaw in the mod_auth_openidc module for Apache httpd allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request...
CVE-2025-31492
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...
PT-2025-15122
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.16.11. Description: A bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure include an OIDCProviderAuthRequestMethod POST, a valid accoun...
SUSE CVE-2022-23527
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check f...
CVE-2024-24814 Denial of service when manipulating mod_auth_openidc_session_chunks cookie in mod_auth_openidc
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a...
CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check fo...
The vulnerability of the oidc_validate_redirect_url() function in the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc allows a perpetrator to access sensitive data and compromise its integrity.
The vulnerability of the oidc_validate_redirect_url() function in the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to gain access to sensitive data and compromise...
DEBIAN-CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using OIDCPreservePost ...
mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes
An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would...
DEBIAN-CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon...