Mod Auth Openidc@* Security Vulnerabilities and Issues — Mod Auth Openidc@* CVE List

Lucene search

OpenidcMod Auth Openidc*

16 matches found

CVE•added 2025/04/06 8:15 p.m.•950 views

CVE-2025-31492

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The con...

8.2CVSS6.7AI score0.00349EPSS

CVE•added 2021/07/22 10:15 p.m.•263 views

CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url() does not parse URLs the same way as most bro...

6.1CVSS5.4AI score0.00116EPSS

CVE•added 2021/07/26 5:15 p.m.•263 views

CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV...

5.9CVSS6AI score0.00378EPSS

CVE•added 2021/07/26 5:15 p.m.•251 views

CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePos...

6.1CVSS5AI score0.00265EPSS

CVE•added 2021/07/22 10:15 p.m.•235 views

CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (OIDCC...

7.5CVSS6.4AI score0.00373EPSS

CVE•added 2020/02/20 6:15 a.m.•212 views

CVE-2019-20479

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

6.1CVSS6.1AI score0.00474EPSS

CVE•added 2023/04/03 2:15 p.m.•193 views

CVE-2023-28625

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resul...

7.5CVSS7.5AI score0.00103EPSS

CVE•added 2019/11/26 12:15 p.m.•178 views

CVE-2019-14857

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

6.1CVSS6.4AI score0.00708EPSS

CVE•added 2021/05/20 2:15 a.m.•126 views

CVE-2021-20718

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

7.5CVSS7.2AI score0.0306EPSS

CVE•added 2021/09/03 2:15 p.m.•119 views

CVE-2021-39191

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported t...

6.1CVSS5.3AI score0.00406EPSS

CVE•added 2022/12/14 6:15 p.m.•102 views

CVE-2022-23527

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly che...

6.1CVSS5.7AI score0.00332EPSS

CVE•added 2019/07/19 3:15 p.m.•90 views

CVE-2019-1010247

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10....

6.1CVSS6.1AI score0.00356EPSS

CVE•added 2024/02/13 7:15 p.m.•89 views

CVE-2024-24814

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable t...

7.5CVSS7.4AI score0.00205EPSS

CVE•added 2017/03/02 6:59 a.m.•60 views

CVE-2017-6413

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTT...

8.6CVSS7.9AI score0.00408EPSS

CVE•added 2017/04/12 8:59 p.m.•57 views

CVE-2017-6059

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.

7.5CVSS7.4AI score0.0201EPSS

CVE•added 2017/03/02 6:59 a.m.•45 views

CVE-2017-6062

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafte...

8.6CVSS7.9AI score0.00413EPSS