CVE-2019-14857 - A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs w

CVE-2019-14857

Summary

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

References

Vulnerable Configurations

cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*
cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 25-05-2023 - 20:18)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

redhat via4

rpms

cjose-0:0.6.1-2.module+el8+2454+f890a43a
cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a
cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a
cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a
mod_auth_openidc-0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
mod_auth_openidc-debuginfo-0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
mod_auth_openidc-debugsource-0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
mod_auth_openidc-0:1.8.8-7.el7
mod_auth_openidc-debuginfo-0:1.8.8-7.el7

refmap via4

confirm	https://github.com/zmartzone/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75 https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e https://github.com/zmartzone/mod_auth_openidc/pull/451 https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
misc	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14857
mlist	[debian-lts-announce] 20200729 [SECURITY] [DLA 2298-1] libapache2-mod-auth-openidc security update

Last major update

25-05-2023 - 20:18

Published

26-11-2019 - 12:15

Last modified

25-05-2023 - 20:18