CVE-2021-32792
PUBLISHED
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using `OIDCPreservePost On`.
EPSS 0.25% · 48.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | libapache2-mod-auth-openidc | 0, 2.4.0.4-1, 2.4.1-1 |
| Ubuntu:18.04:LTS | libapache2-mod-auth-openidc | 0, 2.3.1-2, 2.3.2-1 |
Timeline
- CVE Published
- Jul 27, 2021 EPSS Score
- Aug 5, 2021 EPSS Score
- Aug 8, 2021 EPSS Score
- Nov 22, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 21, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 21, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Jul 18, 2022 EPSS Score
- Sep 15, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32792 third-party-advisory
- https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j third-party-advisory
- https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 third-party-advisory
- https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 third-party-advisory
- https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32792 third-party-advisory