A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
25 May 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:* |
30 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jan 2022, 19:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00028.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGXONXPWTX7DV62TIUIUVOZF4KQ6SIJE/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27XJYAEONKJDESNE7WVZF5D2Z2OBY5JK/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/02/msg00035.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00036.html - Mailing List, Third Party Advisory |
Information
Published : 2020-02-20 06:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-20479
Mitre link : CVE-2019-20479
CVE.ORG link : CVE-2019-20479
JSON object : View
Products Affected
opensuse
- leap
debian
- debian_linux
openidc
- mod_auth_openidc
fedoraproject
- fedora
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')