Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2020-1448

Related Vulnerabilities: CVE-2019-14857   CVE-2019-20479  

An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL. (CVE-2019-14857) An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL. (CVE-2019-20479)

Source

ALAS-2020-1448

Amazon Linux AMI Security Advisory: ALAS-2020-1448
Advisory Release Date: 2020-11-14 01:23 Pacific
Advisory Updated Date: 2020-11-16 20:52 Pacific
Severity: Medium
Issue Overview:

An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL. (CVE-2019-14857)

An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL. (CVE-2019-20479)


Affected Packages:

mod24_auth_openidc


Issue Correction:
Run yum update mod24_auth_openidc to update your system.

New Packages:
i686:
    mod24_auth_openidc-debuginfo-1.8.8-7.6.amzn1.i686
    mod24_auth_openidc-1.8.8-7.6.amzn1.i686

src:
    mod24_auth_openidc-1.8.8-7.6.amzn1.src

x86_64:
    mod24_auth_openidc-1.8.8-7.6.amzn1.x86_64
    mod24_auth_openidc-debuginfo-1.8.8-7.6.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started