Updated: 2023-11-07 19:26:21.442732
Description:
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.3 |
CVSS Version 3.x | MEDIUM | 6.1 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | httpd | 2.2.15 | 6.1 | MEDIUM | Not Vulnerable | 2022-04-19 21:49:50 | |
CentOS 8.4 ELS | httpd | 2.4.37 | 6.1 | MEDIUM | Ignored | 2022-05-10 16:04:33 | |
CentOS 8.5 ELS | httpd | 2.4.37 | 6.1 | MEDIUM | Ignored | 2022-05-10 16:04:34 | |
CloudLinux 6 ELS | httpd | 2.2.15 | 6.1 | MEDIUM | Not Vulnerable | 2022-04-19 21:49:50 | |
Oracle Linux 6 ELS | httpd | 2.2.15 | 6.1 | MEDIUM | Not Vulnerable | 2022-04-19 21:49:50 |