Skip to main content

Mod Auth Openidc CVE-2021-32792

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-07-26 security-advisories@github.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 26, 2021 - 17:15 nvd
MEDIUM 6.1

DescriptionNVD

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost On.

AnalysisAI

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost On. Affected products include: Openidc Mod Auth Openidc, Fedoraproject Fedora. Version information: version 2.4.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-24814 HIGH POC
7.5 Feb 13

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that imp

CVE-2021-39191 MEDIUM POC
6.1 Sep 03

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2021-32786 MEDIUM POC
6.1 Jul 22

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2017-6062 HIGH
8.6 Mar 02

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apac

CVE-2017-6413 HIGH
8.6 Mar 02

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apac

CVE-2017-6059 HIGH
7.5 Apr 12

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.

CVE-2023-28625 HIGH
7.5 Apr 03

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID

CVE-2021-32785 HIGH
7.5 Jul 22

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2021-20718 HIGH
7.5 May 20

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified ve

CVE-2022-23527 MEDIUM
6.1 Dec 14

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated m

CVE-2019-14857 MEDIUM
6.1 Nov 26

A flaw was found in mod_auth_openidc before version 2.4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is rem

CVE-2019-1010247 MEDIUM
6.1 Jul 19

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (C

Share

CVE-2021-32792 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy