CVE-2019-13038
published 2019-06-29CVE-2019-13038: mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libapache2-mod-auth-mellon | < libapache2-mod-auth-mellon 0.15.0-1 (bookworm) | libapache2-mod-auth-mellon 0.15.0-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mod_auth_mellon_project | mod_auth_mellon | <= 0.14.2 | — |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM