20 matches found
MiracleLinux 7 : mod_auth_openidc-1.8.8-7.el7 (AXSA:2020-741:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-741:01 advisory. mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857) mod_auth_openidc: Open redirect issue exists in URLs wi...
MiracleLinux 9 : mod_auth_openidc-2.4.10-1.el9_6.2 (AXSA:2025-10555:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10555:02 advisory. mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891) Tenable has extracted the preceding description block...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2025:4532-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4532-1 advisory. - Update to 2.4.17.1 (bsc#1248806 / PED-14130). - Remove many patches, as they've been merged upstream. Tenable has...
TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2024:0762)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0762 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Fedora 41 : mod_auth_openidc (2025-be0c6f25ce)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-be0c6f25ce advisory. Rebase to new version resolves CVE-2025-31492. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Linux Distros Unpatched Vulnerability : CVE-2022-23527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open...
OESA-2024-1194 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party (RP) to an OpenID Connect Provider (OP). Security Fixes: mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...
AZL-42520 CVE-2024-24814 affecting package mod_auth_openidc 2.4.14.2-1
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a...
PT-2023-9329 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions 2.0.0 through 2.4.13.1 Description: The issue is related to the mod_auth_openidc module for the Apache 2.x HTTP server, which implements OpenID Connect Relying Party functionality. When OIDCStripCookies is set and a...
AZL-11653 CVE-2022-23527 affecting package mod_auth_openidc for versions less than 2.4.14.2-1
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...
Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc
...
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, related to uncontrolled resource consumption, allows attackers to cause service interruptions.
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
DEBIAN-CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to ...
PT-2021-22446 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.9.4 Description: The mod_auth_openidc module for the Apache 2.x HTTP server is vulnerable to an open redirect attack. This occurs when a crafted URL is supplied in the target_link_uri parameter, affectin...
PT-2021-6525 · Unknown +5 · Mod Auth Openidc +5
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.9 Description: The issue is related to an XSS vulnerability in mod_auth_openidc when using OIDCPreservePost On. This vulnerability allows a remote attacker to impact the integrity of data. The estimated...
AZL-6479 CVE-2021-32785 affecting package httpd for versions less than 2.4.52-1
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...
PT-2021-6452 · Unknown +5 · Mod Auth Openidc +5
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.9 Description: The issue is related to the AES GCM encryption in mod_auth_openidc, which uses a static IV and AAD. This creates a static nonce and can lead to known cryptographic issues since the same ke...
UBUNTU-CVE-2021-20718
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors...
UBUNTU-CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon...
PT-2019-11526 · Zmartzone Iam · Mod Auth Openidc
Name of the Vulnerable Software and Affected Versions: ZmartZone IAM mod_auth_openidc versions 2.3.10.1 and earlier Description: The issue affects the ZmartZone IAM mod_auth_openidc, allowing for Cross Site Scripting (XSS) attacks. This can lead to redirecting the user to a phishing page or...