Mod Auth Openidc@* Security Vulnerabilities and Issues — Mod Auth Openidc@* CVE List

Lucene search

OpenidcMod Auth Openidc*

10 matches found

CVE•added 2021/07/22 10:15 p.m.•276 views

CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url() does not parse URLs the same way as most bro...

6.1CVSS5.4AI score0.00088EPSS

CVE•added 2021/07/26 5:15 p.m.•273 views

CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV...

5.9CVSS6AI score0.00223EPSS

CVE•added 2021/07/26 5:15 p.m.•261 views

CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePos...

6.1CVSS5AI score0.00141EPSS

CVE•added 2021/07/22 10:15 p.m.•241 views

CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (OIDCC...

7.5CVSS6.4AI score0.00155EPSS

CVE•added 2020/02/20 6:15 a.m.•221 views

CVE-2019-20479

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

6.1CVSS6.1AI score0.00474EPSS

CVE•added 2019/11/26 12:15 p.m.•188 views

CVE-2019-14857

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

6.1CVSS6.4AI score0.00827EPSS

CVE•added 2021/09/03 2:15 p.m.•128 views

CVE-2021-39191

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported t...

6.1CVSS5.3AI score0.00371EPSS

CVE•added 2022/12/14 6:15 p.m.•114 views

CVE-2022-23527

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly che...

6.1CVSS5.7AI score0.0036EPSS

CVE•added 2019/07/19 3:15 p.m.•92 views

CVE-2019-1010247

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10....

6.1CVSS6.1AI score0.00356EPSS

CVE•added 2017/04/12 8:59 p.m.•62 views

CVE-2017-6059

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.

7.5CVSS7.4AI score0.0201EPSS