An open redirect flaw exists in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL. (CVE-2019-14857)

An open redirect flaw exists in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL. (CVE-2019-20479)
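The check both CVEs describe as missing, as an added example (this is not mod_auth_openidc's own code or its actual fix): a validator that accepts a logout redirect target only if it is a same-site path or an absolute URL on the site's own host. The function name `logout_target_allowed`, the helper `ieq_n` and the `own_host` parameter are assumptions made for the illustration.

```c
#include <ctype.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if url may be used as the post-logout redirect for a site served
 * on own_host (hypothetical parameter, a plain DNS name), 0 otherwise. */
int logout_target_allowed(const char *url, const char *own_host)
{
    if (url == NULL || own_host == NULL || url[0] == '\0')
        return 0;

    /* Reject backslashes and control characters outright: browsers treat
     * '\' like '/' and drop tab/CR/LF, so they must not reach the checks. */
    for (const unsigned char *c = (const unsigned char *)url; *c; c++)
        if (*c == '\\' || *c < 0x20 || *c == 0x7f)
            return 0;

    /* Relative target: exactly one leading slash. "//host/..." is a
     * scheme-relative URL and names a different origin. */
    if (url[0] == '/')
        return url[1] != '/';

    /* Absolute target: http(s) only, and the host must be our own. */
    const char *p;
    if (ieq_n(url, "https://", 8))
        p = url + 8;
    else if (ieq_n(url, "http://", 7))
        p = url + 7;
    else
        return 0;

    /* An '@' in the authority means our name is only the userinfo part. */
    size_t auth_len = strcspn(p, "/?#");
    if (memchr(p, '@', auth_len) != NULL)
        return 0;

    size_t host_len = strcspn(p, ":/?#");
    return host_len == strlen(own_host) && ieq_n(p, own_host, host_len);
}
```

The validator is deliberately stricter than URL syntax requires: a legitimate target containing a backslash or control character is refused rather than normalised.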
Vulnerable Product |
---|
openidc mod auth openidc |
debian debian linux 8.0 |
debian debian linux 9.0 |
fedoraproject fedora 31 |
fedoraproject fedora 32 |
opensuse leap 15.1 |