Uncontrolled external site redirect In libapache2-mod-auth-openidc
Description
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 14 | 2.4.1-1 | ||
debian 12 | 2.4.1-1 | ||
debian 13 | 2.4.1-1 | ||
debian 11 | 2.4.1-1 | ||
 rpm rhel8 | 0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3 | ||
rpm rhel7 | 0:1.8.8-7.el7 |
Aliases
1. 2. 3. 4. 5.