RHEL 8 : mod_auth_openidc:2.3 (RHSA-2022:1823)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1823 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...

Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786...

CentOS 8 : mod_auth_openidc:2.3 (CESA-2022:1823)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:1823 advisory. - modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786 - modauthopenidc: hardcoded static IV and AAD with a reused key in AES GCM...

AZL-7289 CVE-2021-39191 affecting package mod_auth_openidc for versions less than 2.4.14.2-1

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of modauthopenidc was reported to ...