5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
libapache2-mod-auth-openidc has insecure cryptographic functions. The vulnerability existis due to reusing the same key.
github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c
github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9
github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
lists.fedoraproject.org/archives/list/[email protected]/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/
lists.fedoraproject.org/archives/list/[email protected]/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/
security-tracker.debian.org/tracker/CVE-2021-32791
www.oracle.com/security-alerts/cpuapr2022.html
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N