Back to bug 2153655
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2022-12-15 03:48:08 UTC | Blocks | 2153592 | |
| Sandipan Roy | 2022-12-15 03:50:41 UTC | Doc Text | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. The mod_auth_openidc is vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. | |
| Sandipan Roy | 2022-12-15 03:51:31 UTC | Depends On | 2153657, 2153659, 2153656, 2153658 | |
| RaTasha Tillery-Smith | 2022-12-15 15:38:14 UTC | Doc Text | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. The mod_auth_openidc is vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. | An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. |
| Red Hat Bugzilla | 2023-07-07 08:34:29 UTC | Assignee | security-response-team | nobody |
Back to bug 2153655