Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openidc mod auth openidc vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
5.8
CVSSv2
CVE-2021-32786
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the s...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5.8
CVSSv2
CVE-2019-20479
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
Openidc Mod Auth Openidc
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
5.8
CVSSv2
CVE-2019-14857
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
Openidc Mod Auth Openidc
5
CVSSv2
CVE-2021-20718
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote malicious user to cause a denial-of-service (DoS) condition via unspecified vectors.
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Essbase
5
CVSSv2
CVE-2017-6059
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) prior to 2.14 allows remote malicious users to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Openidc Mod Auth Openidc
5
CVSSv2
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module prior to 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote mali...
Openidc Mod Auth Openidc
5
CVSSv2
CVE-2017-6413
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module prior to 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote malicious...
Openidc Mod Auth Openidc
4.3
CVSSv2
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4.3
CVSSv2
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »