QwikSec

Security Database

CVE

CWE

Training

CVE-2021-32792

Published: Jul 26, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

3.1

LOW

Description

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

Vendor	Product	Versions
zmartzone	mod_auth_openidc	affected `< 2.4.9`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9

https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j

https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751

https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56

FEDORA-2021-e3017c538a

vendor-advisory

FEDORA-2021-17f5cedf66

vendor-advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

[debian-lts-announce] 20230430 [SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.