Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-32792 (GCVE-0-2021-32792)
Vulnerability from cvelistv5 – Published: 2021-07-26 00:00 – Updated: 2024-08-03 23:33
VLAI?
EPSS
Title
XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc
Summary
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zmartzone | mod_auth_openidc |
Affected:
< 2.4.9
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56"
},
{
"name": "FEDORA-2021-e3017c538a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"
},
{
"name": "FEDORA-2021-17f5cedf66",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mod_auth_openidc",
"vendor": "zmartzone",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-30T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9"
},
{
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
},
{
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751"
},
{
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56"
},
{
"name": "FEDORA-2021-e3017c538a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"
},
{
"name": "FEDORA-2021-17f5cedf66",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
}
],
"source": {
"advisory": "GHSA-458c-7pwg-3j7j",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32792",
"datePublished": "2021-07-26T00:00:00.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-32792",
"date": "2026-05-20",
"epss": "0.00197",
"percentile": "0.41337"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.9\", \"matchCriteriaId\": \"FAEFDBA2-55AD-410B-95C4-D2524C65B4A8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.4.48\", \"matchCriteriaId\": \"BC9C65B5-0989-4D64-9BED-1E391AD971AE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.\"}, {\"lang\": \"es\", \"value\": \"mod_auth_openidc es un m\\u00f3dulo de autenticaci\\u00f3n/autorizaci\\u00f3n para el servidor HTTP Apache versi\\u00f3n 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Connect. En mod_auth_openidc versiones anteriores a 2.4.9, se presenta una vulnerabilidad de tipo XSS cuando se usa el par\\u00e1metro \\\"OIDCPreservePost On\\\"\"}]",
"id": "CVE-2021-32792",
"lastModified": "2024-11-21T06:07:45.070",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 3.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-07-26T17:15:08.280",
"references": "[{\"url\": \"https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-32792\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-07-26T17:15:08.280\",\"lastModified\":\"2024-11-21T06:07:45.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.\"},{\"lang\":\"es\",\"value\":\"mod_auth_openidc es un m\u00f3dulo de autenticaci\u00f3n/autorizaci\u00f3n para el servidor HTTP Apache versi\u00f3n 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Connect. En mod_auth_openidc versiones anteriores a 2.4.9, se presenta una vulnerabilidad de tipo XSS cuando se usa el par\u00e1metro \\\"OIDCPreservePost On\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.9\",\"matchCriteriaId\":\"FAEFDBA2-55AD-410B-95C4-D2524C65B4A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.48\",\"matchCriteriaId\":\"BC9C65B5-0989-4D64-9BED-1E391AD971AE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
alsa-2022:1823
Vulnerability from osv_almalinux
Published
2022-05-10 06:30
Modified
2022-05-10 08:02
Summary
Moderate: mod_auth_openidc:2.3 security update
Details
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
-
mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)
-
mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)
-
mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)
-
mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cjose"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1-2.module_el8.6.0+2868+44838709"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cjose-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1-2.module_el8.6.0+2868+44838709"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_auth_openidc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-11.module_el8.6.0+2868+44838709"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)\n\n* mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)\n\n* mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)\n\n* mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:1823",
"modified": "2022-05-10T08:02:51Z",
"published": "2022-05-10T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-1823.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-32786"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-32791"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-32792"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-39191"
}
],
"related": [
"CVE-2021-32786",
"CVE-2021-32791",
"CVE-2021-32792",
"CVE-2021-39191"
],
"summary": "Moderate: mod_auth_openidc:2.3 security update"
}
BDU:2022-01785
Vulnerability from fstec - Published: 26.07.2021
VLAI Severity ?
Title
Уязвимость модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю оказать воздействие на целостность данных
Description
Уязвимость модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, оказать воздействие на целостность данных
Severity ?
Vendor
Сообщество свободного программного обеспечения, ZmartZone IAM
Software Name
Debian GNU/Linux, Mod_auth_openidc
Software Version
9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), до 2.4.9 (Mod_auth_openidc)
Possible Mitigations
Для Mod_auth_openidc:
использование рекомендаций производителя: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-32792
Reference
https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751
https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
https://nvd.nist.gov/vuln/detail/CVE-2021-32792
https://security-tracker.debian.org/tracker/CVE-2021-32792
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, ZmartZone IAM",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), \u0434\u043e 2.4.9 (Mod_auth_openidc)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Mod_auth_openidc:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-32792",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.07.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01785",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-32792",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Mod_auth_openidc",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043b\u044f Apache 2.x HTTP server Mod_auth_openidc, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043b\u044f Apache 2.x HTTP server Mod_auth_openidc \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751\nhttps://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56\nhttps://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32792\nhttps://security-tracker.debian.org/tracker/CVE-2021-32792",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}
FKIE_CVE-2021-32792
Vulnerability from fkie_nvd - Published: 2021-07-26 17:15 - Updated: 2024-11-21 06:07
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openidc | mod_auth_openidc | * | |
| apache | http_server | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEFDBA2-55AD-410B-95C4-D2524C65B4A8",
"versionEndExcluding": "2.4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9C65B5-0989-4D64-9BED-1E391AD971AE",
"versionEndIncluding": "2.4.48",
"versionStartIncluding": "2.0.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`."
},
{
"lang": "es",
"value": "mod_auth_openidc es un m\u00f3dulo de autenticaci\u00f3n/autorizaci\u00f3n para el servidor HTTP Apache versi\u00f3n 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Connect. En mod_auth_openidc versiones anteriores a 2.4.9, se presenta una vulnerabilidad de tipo XSS cuando se usa el par\u00e1metro \"OIDCPreservePost On\""
}
],
"id": "CVE-2021-32792",
"lastModified": "2024-11-21T06:07:45.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-26T17:15:08.280",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-32792
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-32792",
"description": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.",
"id": "GSD-2021-32792",
"references": [
"https://www.suse.com/security/cve/CVE-2021-32792.html",
"https://advisories.mageia.org/CVE-2021-32792.html",
"https://linux.oracle.com/cve/CVE-2021-32792.html",
"https://access.redhat.com/errata/RHSA-2022:1823"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-32792"
],
"details": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.",
"id": "GSD-2021-32792",
"modified": "2023-12-13T01:23:09.284012Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32792",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mod_auth_openidc",
"version": {
"version_data": [
{
"version_value": "\u003c 2.4.9"
}
]
}
}
]
},
"vendor_name": "zmartzone"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9",
"refsource": "MISC",
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j",
"refsource": "CONFIRM",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751",
"refsource": "MISC",
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
"refsource": "MISC",
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56"
},
{
"name": "FEDORA-2021-e3017c538a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"
},
{
"name": "FEDORA-2021-17f5cedf66",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
}
]
},
"source": {
"advisory": "GHSA-458c-7pwg-3j7j",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.48",
"versionStartIncluding": "2.0.0",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32792"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9"
},
{
"name": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751"
},
{
"name": "FEDORA-2021-17f5cedf66",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/"
},
{
"name": "FEDORA-2021-e3017c538a",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-05-25T20:18Z",
"publishedDate": "2021-07-26T17:15Z"
}
}
}
MSRC_CVE-2021-32792
Vulnerability from csaf_microsoft - Published: 2021-07-02 00:00 - Updated: 2021-12-16 00:00Summary
XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17030-17086 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-1 | — |
Vendor Fix
fix
|
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-32792 XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-32792.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc",
"tracking": {
"current_release_date": "2021-12-16T00:00:00.000Z",
"generator": {
"date": "2025-10-19T22:05:50.752Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-32792",
"initial_release_date": "2021-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.52-1",
"product": {
"name": "\u003ccbl2 httpd 2.4.52-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.52-1",
"product": {
"name": "cbl2 httpd 2.4.52-1",
"product_id": "17030"
}
}
],
"category": "product_name",
"name": "httpd"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.52-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.52-1 as a component of CBL Mariner 2.0",
"product_id": "17030-17086"
},
"product_reference": "17030",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32792",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0026#39;Cross-site Scripting\u0026#39;)"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17030-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-32792 XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-32792.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-12-16T00:00:00.000Z",
"details": "2.4.52-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc"
}
]
}
OPENSUSE-SU-2021:1277-1
Vulnerability from csaf_opensuse - Published: 2021-09-16 10:07 - Updated: 2021-09-16 10:07Summary
Security update for apache2-mod_auth_openidc
Severity
Moderate
Notes
Title of the patch: Security update for apache2-mod_auth_openidc
Description of the patch: This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-32785: format string bug via hiredis (bsc#1188638)
- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)
- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2021-1277
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_auth_openidc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_auth_openidc fixes the following issues:\n\n- CVE-2021-32785: format string bug via hiredis (bsc#1188638)\n- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)\n- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)\n- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1277",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1277-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1277-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4FGDDGUNYC724M4QGEPJORKASFRVKJ5V/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1277-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4FGDDGUNYC724M4QGEPJORKASFRVKJ5V/"
},
{
"category": "self",
"summary": "SUSE Bug 1188638",
"url": "https://bugzilla.suse.com/1188638"
},
{
"category": "self",
"summary": "SUSE Bug 1188639",
"url": "https://bugzilla.suse.com/1188639"
},
{
"category": "self",
"summary": "SUSE Bug 1188848",
"url": "https://bugzilla.suse.com/1188848"
},
{
"category": "self",
"summary": "SUSE Bug 1188849",
"url": "https://bugzilla.suse.com/1188849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32785 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32786 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32791 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32792 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32792/"
}
],
"title": "Security update for apache2-mod_auth_openidc",
"tracking": {
"current_release_date": "2021-09-16T10:07:24Z",
"generator": {
"date": "2021-09-16T10:07:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1277-1",
"initial_release_date": "2021-09-16T10:07:24Z",
"revision_history": [
{
"date": "2021-09-16T10:07:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64",
"product_id": "apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32785"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32785",
"url": "https://www.suse.com/security/cve/CVE-2021-32785"
},
{
"category": "external",
"summary": "SUSE Bug 1188638 for CVE-2021-32785",
"url": "https://bugzilla.suse.com/1188638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-16T10:07:24Z",
"details": "moderate"
}
],
"title": "CVE-2021-32785"
},
{
"cve": "CVE-2021-32786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32786"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32786",
"url": "https://www.suse.com/security/cve/CVE-2021-32786"
},
{
"category": "external",
"summary": "SUSE Bug 1188639 for CVE-2021-32786",
"url": "https://bugzilla.suse.com/1188639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-16T10:07:24Z",
"details": "moderate"
}
],
"title": "CVE-2021-32786"
},
{
"cve": "CVE-2021-32791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32791"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32791",
"url": "https://www.suse.com/security/cve/CVE-2021-32791"
},
{
"category": "external",
"summary": "SUSE Bug 1188849 for CVE-2021-32791",
"url": "https://bugzilla.suse.com/1188849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-16T10:07:24Z",
"details": "moderate"
}
],
"title": "CVE-2021-32791"
},
{
"cve": "CVE-2021-32792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32792"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32792",
"url": "https://www.suse.com/security/cve/CVE-2021-32792"
},
{
"category": "external",
"summary": "SUSE Bug 1188848 for CVE-2021-32792",
"url": "https://bugzilla.suse.com/1188848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-mod_auth_openidc-2.3.8-lp152.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-16T10:07:24Z",
"details": "low"
}
],
"title": "CVE-2021-32792"
}
]
}
OPENSUSE-SU-2021:3020-1
Vulnerability from csaf_opensuse - Published: 2021-09-13 07:17 - Updated: 2021-09-13 07:17Summary
Security update for apache2-mod_auth_openidc
Severity
Moderate
Notes
Title of the patch: Security update for apache2-mod_auth_openidc
Description of the patch: This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-32785: format string bug via hiredis (bsc#1188638)
- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)
- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)
Patchnames: openSUSE-SLE-15.3-2021-3020
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_auth_openidc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_auth_openidc fixes the following issues:\n\n- CVE-2021-32785: format string bug via hiredis (bsc#1188638)\n- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)\n- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)\n- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-3020",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3020-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:3020-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/54B4RYNP5L63X2FMX2QCVYB2LGLL42IY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:3020-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/54B4RYNP5L63X2FMX2QCVYB2LGLL42IY/"
},
{
"category": "self",
"summary": "SUSE Bug 1188638",
"url": "https://bugzilla.suse.com/1188638"
},
{
"category": "self",
"summary": "SUSE Bug 1188639",
"url": "https://bugzilla.suse.com/1188639"
},
{
"category": "self",
"summary": "SUSE Bug 1188848",
"url": "https://bugzilla.suse.com/1188848"
},
{
"category": "self",
"summary": "SUSE Bug 1188849",
"url": "https://bugzilla.suse.com/1188849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32785 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32786 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32791 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32792 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32792/"
}
],
"title": "Security update for apache2-mod_auth_openidc",
"tracking": {
"current_release_date": "2021-09-13T07:17:23Z",
"generator": {
"date": "2021-09-13T07:17:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:3020-1",
"initial_release_date": "2021-09-13T07:17:23Z",
"revision_history": [
{
"date": "2021-09-13T07:17:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"product_id": "apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"product_id": "apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"product_id": "apache2-mod_auth_openidc-2.3.8-3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64",
"product": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64",
"product_id": "apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
},
"product_reference": "apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32785"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32785",
"url": "https://www.suse.com/security/cve/CVE-2021-32785"
},
{
"category": "external",
"summary": "SUSE Bug 1188638 for CVE-2021-32785",
"url": "https://bugzilla.suse.com/1188638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-13T07:17:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-32785"
},
{
"cve": "CVE-2021-32786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32786"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32786",
"url": "https://www.suse.com/security/cve/CVE-2021-32786"
},
{
"category": "external",
"summary": "SUSE Bug 1188639 for CVE-2021-32786",
"url": "https://bugzilla.suse.com/1188639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-13T07:17:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-32786"
},
{
"cve": "CVE-2021-32791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32791"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32791",
"url": "https://www.suse.com/security/cve/CVE-2021-32791"
},
{
"category": "external",
"summary": "SUSE Bug 1188849 for CVE-2021-32791",
"url": "https://bugzilla.suse.com/1188849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-13T07:17:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-32791"
},
{
"cve": "CVE-2021-32792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32792"
}
],
"notes": [
{
"category": "general",
"text": "mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32792",
"url": "https://www.suse.com/security/cve/CVE-2021-32792"
},
{
"category": "external",
"summary": "SUSE Bug 1188848 for CVE-2021-32792",
"url": "https://bugzilla.suse.com/1188848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.aarch64",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.ppc64le",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.s390x",
"openSUSE Leap 15.3:apache2-mod_auth_openidc-2.3.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-13T07:17:23Z",
"details": "low"
}
],
"title": "CVE-2021-32792"
}
]
}
RHSA-2022:1823
Vulnerability from csaf_redhat - Published: 2022-05-10 13:36 - Updated: 2025-11-21 18:30Summary
Red Hat Security Advisory: mod_auth_openidc:2.3 security update
Severity
Moderate
Notes
Topic: An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
* mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)
* mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)
* mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)
* mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in mod_auth_openidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
6.1 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in mod_auth_openidc. The AES GCM encryption uses a static IV and AAD which could lead to other cryptographic attacks. The highest threat from this liability is to data confidentiality.
5.9 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity.
6.1 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A open redirect flaw was found in mod_auth_openidc where it does not sanitize target_link_uri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. As a result of this redirection victim users may give more credibility to the attacker controlled server because coming from a trusted application.
6.1 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)\n\n* mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)\n\n* mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)\n\n* mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1823",
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"category": "external",
"summary": "1986102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986102"
},
{
"category": "external",
"summary": "1986395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986395"
},
{
"category": "external",
"summary": "1986397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986397"
},
{
"category": "external",
"summary": "2001646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001646"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1823.json"
}
],
"title": "Red Hat Security Advisory: mod_auth_openidc:2.3 security update",
"tracking": {
"current_release_date": "2025-11-21T18:30:33+00:00",
"generator": {
"date": "2025-11-21T18:30:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:1823",
"initial_release_date": "2022-05-10T13:36:28+00:00",
"revision_history": [
{
"date": "2022-05-10T13:36:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-10T13:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:30:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3)",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3)",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3)",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3)",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=aarch64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src (mod_auth_openidc:2.3)",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=src\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=src\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3)",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3)",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3)",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3)",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=ppc64le\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3)",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3)",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3)",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3)",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=s390x\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3)",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3)",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3)",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3)",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 (mod_auth_openidc:2.3)",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=x86_64\u0026rpmmod=mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 (mod_auth_openidc:2.3) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"relates_to_product_reference": "AppStream-8.6.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32786",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2021-07-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_auth_openidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: open redirect in oidc_validate_redirect_url()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32786"
},
{
"category": "external",
"summary": "RHBZ#1986102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32786"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7"
}
],
"release_date": "2021-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: open redirect in oidc_validate_redirect_url()"
},
{
"cve": "CVE-2021-32791",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2021-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_auth_openidc. The AES GCM encryption uses a static IV and AAD which could lead to other cryptographic attacks. The highest threat from this liability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32791"
},
{
"category": "external",
"summary": "RHBZ#1986395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32791"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r"
}
],
"release_date": "2021-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption"
},
{
"cve": "CVE-2021-32792",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986397"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: XSS when using OIDCPreservePost On",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of mod_auth_openidc as shipped with Red Hat Enterprise Linux 7 as they did not include support for OIDCPreservePost option.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32792"
},
{
"category": "external",
"summary": "RHBZ#1986397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32792"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32792"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
}
],
"release_date": "2021-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: XSS when using OIDCPreservePost On"
},
{
"cve": "CVE-2021-39191",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2021-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2001646"
}
],
"notes": [
{
"category": "description",
"text": "A open redirect flaw was found in mod_auth_openidc where it does not sanitize target_link_uri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. As a result of this redirection victim users may give more credibility to the attacker controlled server because coming from a trusted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: open redirect due to target_link_uri parameter not validated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-39191"
},
{
"category": "external",
"summary": "RHBZ#2001646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-39191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39191"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2"
}
],
"release_date": "2021-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x::mod_auth_openidc:2.3",
"AppStream-8.6.0.GA:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64::mod_auth_openidc:2.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: open redirect due to target_link_uri parameter not validated"
}
]
}
RHSA-2022_1823
Vulnerability from csaf_redhat - Published: 2022-05-10 13:36 - Updated: 2024-11-22 17:48Summary
Red Hat Security Advisory: mod_auth_openidc:2.3 security update
Severity
Moderate
Notes
Topic: An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Security Fix(es):
* mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)
* mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)
* mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)
* mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in mod_auth_openidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
6.1 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in mod_auth_openidc. The AES GCM encryption uses a static IV and AAD which could lead to other cryptographic attacks. The highest threat from this liability is to data confidentiality.
5.9 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity.
6.1 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A open redirect flaw was found in mod_auth_openidc where it does not sanitize target_link_uri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. As a result of this redirection victim users may give more credibility to the attacker controlled server because coming from a trusted application.
6.1 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786)\n\n* mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791)\n\n* mod_auth_openidc: XSS when using OIDCPreservePost On (CVE-2021-32792)\n\n* mod_auth_openidc: open redirect due to target_link_uri parameter not validated (CVE-2021-39191)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1823",
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"category": "external",
"summary": "1986102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986102"
},
{
"category": "external",
"summary": "1986395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986395"
},
{
"category": "external",
"summary": "1986397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986397"
},
{
"category": "external",
"summary": "2001646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001646"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1823.json"
}
],
"title": "Red Hat Security Advisory: mod_auth_openidc:2.3 security update",
"tracking": {
"current_release_date": "2024-11-22T17:48:38+00:00",
"generator": {
"date": "2024-11-22T17:48:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:1823",
"initial_release_date": "2022-05-10T13:36:28+00:00",
"revision_history": [
{
"date": "2022-05-10T13:36:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-10T13:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:48:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"product": {
"name": "mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"product_id": "mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/mod_auth_openidc@2.3:8060020220131105504:d63f516d"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_id": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_id": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debuginfo@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_id": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-debugsource@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_id": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cjose-devel@0.6.1-2.module%2Bel8%2B2454%2Bf890a43a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product_id": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product_id": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debuginfo@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product_id": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_auth_openidc-debugsource@2.3.7-11.module%2Bel8.6.0%2B14082%2Bb6f23e95?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
"product_reference": "mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64"
},
"product_reference": "cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64"
},
"product_reference": "cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64"
},
"product_reference": "cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64"
},
"product_reference": "cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
},
"product_reference": "mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
},
"product_reference": "mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64 as a component of mod_auth_openidc:2.3:8060020220131105504:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
},
"product_reference": "mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32786",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2021-07-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_auth_openidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: open redirect in oidc_validate_redirect_url()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32786"
},
{
"category": "external",
"summary": "RHBZ#1986102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32786"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7"
}
],
"release_date": "2021-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: open redirect in oidc_validate_redirect_url()"
},
{
"cve": "CVE-2021-32791",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2021-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_auth_openidc. The AES GCM encryption uses a static IV and AAD which could lead to other cryptographic attacks. The highest threat from this liability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32791"
},
{
"category": "external",
"summary": "RHBZ#1986395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32791"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r"
}
],
"release_date": "2021-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption"
},
{
"cve": "CVE-2021-32792",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-07-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986397"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: XSS when using OIDCPreservePost On",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of mod_auth_openidc as shipped with Red Hat Enterprise Linux 7 as they did not include support for OIDCPreservePost option.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32792"
},
{
"category": "external",
"summary": "RHBZ#1986397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32792"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32792"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j"
}
],
"release_date": "2021-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: XSS when using OIDCPreservePost On"
},
{
"cve": "CVE-2021-39191",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2021-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2001646"
}
],
"notes": [
{
"category": "description",
"text": "A open redirect flaw was found in mod_auth_openidc where it does not sanitize target_link_uri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. As a result of this redirection victim users may give more credibility to the attacker controlled server because coming from a trusted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_auth_openidc: open redirect due to target_link_uri parameter not validated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-39191"
},
{
"category": "external",
"summary": "RHBZ#2001646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-39191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39191"
},
{
"category": "external",
"summary": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2",
"url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2"
}
],
"release_date": "2021-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1823"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.src",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debuginfo-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x",
"AppStream-8.6.0.GA:mod_auth_openidc:2.3:8060020220131105504:d63f516d:mod_auth_openidc-debugsource-0:2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_auth_openidc: open redirect due to target_link_uri parameter not validated"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…