Openidc

Mod Auth Openidc

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2025-31492

  • EPSS 0.27%
  • Veröffentlicht 06.04.2025 20:02:20
  • Zuletzt bearbeitet 17.04.2025 11:15:48

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of pr...

7.5

CVE-2024-24814

Exploit
  • EPSS 0.21%
  • Veröffentlicht 13.02.2024 19:15:11
  • Zuletzt bearbeitet 21.11.2024 08:59:46

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_...

7.5

CVE-2023-28625

  • EPSS 0.1%
  • Veröffentlicht 03.04.2023 14:15:07
  • Zuletzt bearbeitet 10.04.2025 20:46:37

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supp...

6.1

CVE-2022-23527

  • EPSS 0.36%
  • Veröffentlicht 14.12.2022 18:15:20
  • Zuletzt bearbeitet 21.11.2024 06:48:45

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in o...

6.1

CVE-2021-39191

Exploit
  • EPSS 0.42%
  • Veröffentlicht 03.09.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:50

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO...

5.9

CVE-2021-32791

  • EPSS 0.38%
  • Veröffentlicht 26.07.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:44

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GC...

6.1

CVE-2021-32792

  • EPSS 0.27%
  • Veröffentlicht 26.07.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:45

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is a...

7.5

CVE-2021-32785

  • EPSS 0.42%
  • Veröffentlicht 22.07.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:44

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are co...

6.1

CVE-2021-32786

Exploit
  • EPSS 0.12%
  • Veröffentlicht 22.07.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:44

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_...

7.5

CVE-2021-20718

  • EPSS 3.06%
  • Veröffentlicht 20.05.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 05:47:04

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.