CVE-2021-32792

CWE-79 — Cross-site Scripting (XSS)6 documents6 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 61.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zmartzone MOD Auth Openidc Openidc MOD Auth Openidc Fedoraproject Fedora

Timeline

PublishedJul 26

Description

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages3 packages

▶Debianlibapache2-mod-auth-openidc< 2.4.9-1+3

▶NVDopenidc/mod_auth_openidc< 2.4.9

▶CVEListV5zmartzone/mod_auth_openidc< 2.4.9

Also affects: Fedora 33, 34

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2021-32792: mod_auth_openidc is an authentication/authorization module for the Apache 2↗2021-07-26

▶

CVEList

XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc↗2021-07-26

▶

📋Vendor Advisories

Red Hat

mod_auth_openidc: XSS when using OIDCPreservePost On↗2021-07-24

▶

Microsoft

XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc↗2021-07-13

▶

Debian

CVE-2021-32792: libapache2-mod-auth-openidc - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HT...↗2021

▶