Fedora Account System
Red Hat Associate
Red Hat Customer
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. Reference: https://marc.info/?l=openid-security&m=155477050605610&w=2
Created php-lightopenid tracking bugs for this issue: Affects: fedora-all [bug 1709148]
Created php-lightopenid tracking bugs for this issue: Affects: epel-6 [bug 1709149]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.