CVE-2019-20479

Published: 20/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

An open redirect flaw exists in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL. (CVE-2019-14857)

An open redirect flaw exists in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL. (CVE-2019-20479)
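The validation gap described in the summary, shown as an added example (this is not code from mod_auth_openidc): a prefix-only check next to a stricter check for a relative post-logout redirect target. The function names and sample URLs are constructed for illustration, and the input is assumed to be already URL-decoded.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical simplified check, not the module's code: anything that
 * starts with '/' is assumed to be a path on the same site. */
static bool naive_is_local(const char *url) {
    return url != NULL && url[0] == '/';
}

/* Stricter check for a redirect target supplied as a relative path. */
static bool strict_is_local(const char *url) {
    if (url == NULL || url[0] != '/')
        return false;                 /* absolute URLs are not local paths */
    /* "//host" is a scheme-relative URL, and browsers treat '\' like '/',
     * so "/\host" also resolves to a different host. */
    if (url[1] == '/' || url[1] == '\\')
        return false;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++) {
        /* Backslashes and control characters do not belong in a
         * redirect path; refuse the value rather than trying to fix it. */
        if (*p == '\\' || *p < 0x20 || *p == 0x7f)
            return false;
    }
    return true;
}

int main(void) {
    /* Constructed sample values; example.org is a reserved test domain. */
    const char *samples[] = {
        "/protected/loggedout.html",
        "//example.org/",
        "/\\example.org/",
        "https://example.org/",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s naive=%d strict=%d\n", samples[i],
               naive_is_local(samples[i]), strict_is_local(samples[i]));
    return 0;
}
```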

Vulnerable Product

openidc mod auth openidc

debian debian linux 8.0

debian debian linux 9.0

fedoraproject fedora 31

fedoraproject fedora 32

opensuse leap 15.1

Vendor Advisories

Synopsis: Low: mod_auth_openidc security update. Type/Severity: Security Advisory: Low. Topic: An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: mod_auth_openidc:23 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the mod_auth_openidc:23 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate ...
An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL (CV ...