vulnerability
Oracle Linux: CVE-2021-32792: ELSA-2022-1823: mod_auth_openidc:2.3 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | 2021-07-24 | 2022-05-18 | 2024-12-17 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2021-07-24
Added
2022-05-18
Modified
2024-12-17
Description
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity.
A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity.
Solution(s)
oracle-linux-upgrade-cjoseoracle-linux-upgrade-cjose-develoracle-linux-upgrade-mod-auth-openidc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.