VDB

CVE-2021-32792

CVE-2021-32792 PUBLISHED

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

EPSS 0.25% · 48.5th percentile

Risk Scores

EPSS Score
0.25%
48.5th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSlibapache2-mod-auth-openidc0, 2.4.0.4-1, 2.4.1-1
Ubuntu:18.04:LTSlibapache2-mod-auth-openidc0, 2.3.1-2, 2.3.2-1

Timeline

  • CVE Published
  • Jul 27, 2021 EPSS Score
  • Aug 5, 2021 EPSS Score
  • Aug 8, 2021 EPSS Score
  • Nov 22, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 21, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 21, 2022 EPSS Score
  • May 19, 2022 EPSS Score
  • Jul 18, 2022 EPSS Score
  • Sep 15, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›