A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
References
Link | Resource |
---|---|
https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7 | Patch |
https://github.com/zmartzone/mod_auth_openidc/pull/453 | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/02/msg00035.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00036.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGXONXPWTX7DV62TIUIUVOZF4KQ6SIJE/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27XJYAEONKJDESNE7WVZF5D2Z2OBY5JK/ | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/07/msg00028.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2020-02-19 22:15
Updated : 2022-01-01 11:39
NVD link : CVE-2019-20479
Mitre link : CVE-2019-20479
JSON object : View
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Products Affected
debian
- debian_linux
zmartzone
- mod_auth_openidc
fedoraproject
- fedora
opensuse
- leap