CVE-2021-32792

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 26-07-2021 07:15

Last modified: - 10-05-2022 08:02

Total changes: - 6

Description

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

None

Privileges required

Changed

Scope

Required

User interaction

6.1

Base score

2.8

2.7

Exploitability score

Impact score

Verification logic

AND

vendor=zmartzone AND product=mod_auth_openidc AND versionEndExcluding=2.4.9

vendor=apache AND product=http_server AND versionEndIncluding=2.4.48 AND versionStartIncluding=2.0.0

vendor=fedoraproject AND product=fedora AND version=33

vendor=fedoraproject AND product=fedora AND version=34

Reference

https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9
https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751
FEDORA-2021-17f5cedf66-Mailing List, Third Party Advisory
FEDORA-2021-e3017c538a-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2021-32792

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-32792

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures