CVE-2019-20479
- Source
- https://cve.org/CVERecord?id=CVE-2019-20479
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20479.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-20479
- Downstream
- Related
- Published
- 2020-02-20T06:15:11.027Z
- Modified
- 2026-03-15T22:28:19.297782Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGXONXPWTX7DV62TIUIUVOZF4KQ6SIJE/
- https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27XJYAEONKJDESNE7WVZF5D2Z2OBY5JK/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00036.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00035.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00028.html
- https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
- https://github.com/zmartzone/mod_auth_openidc/pull/453
Affected packages
Git / github.com/openidc/mod_auth_openidc
Affected versions
2.*
2.3.11rc1
v1.*
v1.5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v2.*
v2.0.0
v2.0.0rc1
v2.0.0rc4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.3.0
v2.3.0rc0
v2.3.0rc3
v2.3.1
v2.3.10
v2.3.10.1
v2.3.10.2
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.1
v2.4.0.2
v2.4.0.3
v2.4.0.4
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.1"
}
]
}
]
vanir_signatures
[
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/cache/common.c",
"function": "oidc_cache_mutex_destroy"
},
"id": "CVE-2019-20479-05aa1e3f",
"deprecated": false,
"source": "https://github.com/openidc/mod_auth_openidc/commit/94d2cf2bd4581b0c393b750587b621d33e2f4e0e",
"digest": {
"function_hash": "292571528579285139739553888024721725778",
"length": 553.0
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/cache/common.c"
},
"id": "CVE-2019-20479-339a2278",
"deprecated": false,
"source": "https://github.com/openidc/mod_auth_openidc/commit/94d2cf2bd4581b0c393b750587b621d33e2f4e0e",
"digest": {
"line_hashes": [
"199370385196264008088677233345752309063",
"5074136558242366934413352575790907147",
"65396395535408745366843203444097860275",
"115734331422631327239312339581567078434",
"244197310894902504449748704406048077242",
"279679966921650120632441670303460601414",
"50353192814854080748463185925216379361",
"288313765875823845552638405548810835708",
"329082806999490161391590921094917349001",
"112785618798974126610844099124471876307",
"183711922263090499335521941596037306329",
"116984925139315876825063513942341048620",
"43917158376661601226679076315876029190",
"329770745295793924214238739214481751620",
"119531293556308819516382198959556804849",
"126490398248283259180254736651881614186",
"321801973304148796263225390607756681945",
"259434629331703982302890190343030298605"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/cache/shm.c"
},
"id": "CVE-2019-20479-7bed0376",
"deprecated": false,
"source": "https://github.com/openidc/mod_auth_openidc/commit/94d2cf2bd4581b0c393b750587b621d33e2f4e0e",
"digest": {
"line_hashes": [
"9786757787665961887895905625459747500",
"124355243522583329622942131911663822078",
"53210297840531005206572427125477654461",
"122317155771460493737853805728013356384",
"151341049909999925075959818082636278347",
"115864870007998282574785941438617754608",
"80445514014107175002522979962412074664"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/cache/shm.c",
"function": "oidc_cache_shm_destroy"
},
"id": "CVE-2019-20479-a7ec0fae",
"deprecated": false,
"source": "https://github.com/openidc/mod_auth_openidc/commit/94d2cf2bd4581b0c393b750587b621d33e2f4e0e",
"digest": {
"function_hash": "21434340826836178884602067701743101447",
"length": 496.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/cache/common.c",
"function": "oidc_cache_mutex_post_config"
},
"id": "CVE-2019-20479-bf29c084",
"deprecated": false,
"source": "https://github.com/openidc/mod_auth_openidc/commit/94d2cf2bd4581b0c393b750587b621d33e2f4e0e",
"digest": {
"function_hash": "208742624046330703456231157834671144335",
"length": 1286.0
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20479.json"