CVE-2019-14857

Published: Nov 26, 2019

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.8

MEDIUM

Description

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

Vendor	Product	Versions
[UNKNOWN]	mod_auth_openidc	affected `2.4.0.1`

Weaknesses (CWE)

CWE-601

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14857

x_refsource_MISC

https://github.com/zmartzone/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75

x_refsource_CONFIRM

https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e

x_refsource_CONFIRM

https://github.com/zmartzone/mod_auth_openidc/pull/451

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/mod_auth_openidc/boy1Ba3Gdk4

x_refsource_CONFIRM

[debian-lts-announce] 20200729 [SECURITY] [DLA 2298-1] libapache2-mod-auth-openidc security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-14857

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References