ALAS2-2020-1538 --- mod_auth_openidcID: oval:org.secpod.oval:def:1700416 | Date: (C)2020-11-05 (M)2023-11-13 |
Class: PATCH | Family: unix |
An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL. An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL