CVE-2021-3639

Published: 22/08/2022 Updated: 12/02/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by a malicious user to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and integrity.

Vulnerable Product

uninett mod auth mellon

Vendor Advisories

Debian Bug report logs - #991730: libapache2-mod-auth-mellon: CVE-2021-3639: open redirect vulnerability. Package: src:libapache2-mod-auth-mellon; Maintainer for src:libapache2-mod-auth-mellon is Thijs Kinkhorst <thijs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 31 Jul 2021 07:21:05 UTC ...

Synopsis: Moderate: mod_auth_mellon security update. Type/Severity: Security Advisory: Moderate. Topic: An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this updat ...

Synopsis: Important: Red Hat OpenShift GitOps security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift GitOps 15 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and int ...