Vulnerabilities > Openidc > MOD Auth Openidc > 1.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-14 | CVE-2022-23527 | Open Redirect vulnerability in multiple products mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. | 6.1 |
2021-09-03 | CVE-2021-39191 | Open Redirect vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 6.1 |
2021-07-26 | CVE-2021-32791 | Reusing a Nonce, Key Pair in Encryption vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 5.9 |
2021-07-26 | CVE-2021-32792 | Cross-site Scripting vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 6.1 |
2021-07-22 | CVE-2021-32785 | Use of Externally-Controlled Format String vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 7.5 |
2021-07-22 | CVE-2021-32786 | Open Redirect vulnerability in multiple products mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 6.1 |
2020-02-20 | CVE-2019-20479 | Open Redirect vulnerability in multiple products A flaw was found in mod_auth_openidc before version 2.4.1. | 6.1 |
2019-11-26 | CVE-2019-14857 | Open Redirect vulnerability in Openidc MOD Auth Openidc A flaw was found in mod_auth_openidc before version 2.4.0.1. | 6.1 |
2017-03-02 | CVE-2017-6413 | Improper Authentication vulnerability in Openidc MOD Auth Openidc The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 8.6 |