Mod Auth Openidc Security Vulnerabilities and Issues — Mod Auth Openidc CVE List

Lucene search

OpenidcMod Auth Openidc

4 matches found

cve•added 2021/07/22 10:15 p.m.•265 views

CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url() does not parse URLs the same way as most bro...

6.1CVSS5.4AI score0.00088EPSS

cve•added 2021/07/26 5:15 p.m.•265 views

CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV...

5.9CVSS6AI score0.00228EPSS

cve•added 2021/07/26 5:15 p.m.•253 views

CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePos...

6.1CVSS5AI score0.00144EPSS

cve•added 2021/07/22 10:15 p.m.•235 views

CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (OIDCC...

7.5CVSS6.4AI score0.00159EPSS