Extended Lifecycle Support CVE dashboard by TuxCare


CVE-2021-32792

Updated: 2022-05-31 04:11:15.765409

Description:

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using `OIDCPreservePost On`.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 6.1 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | httpd | 2.2.15 | Not vulnerable | | 2022-04-19 21:49:50.042665 |
| CentOS 8.4 ELS | httpd | 2.4.37 | Ignored | | 2022-05-10 16:04:33.587947 |
| CentOS 8.5 ELS | httpd | 2.4.37 | Ignored | | 2022-05-10 16:04:34.625944 |
| CloudLinux 6 ELS | httpd | 2.2.15 | Not vulnerable | | 2022-04-19 21:49:50.076938 |
| Oracle Linux 6 ELS | httpd | 2.2.15 | Not vulnerable | | 2022-04-19 21:49:50.098303 |