CVE-2021-32792

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32792

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32792.json

Aliases

GHSA-458c-7pwg-3j7j

Related

Published

2021-07-26T17:15:08Z

Modified

2023-11-29T08:55:20.017393Z

Details

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost On.

References

Affected packages

Git / github.com/OpenIDC/mod_auth_openidc

Affected ranges

Type: GIT
Repo: https://github.com/OpenIDC/mod_auth_openidc
Events: Introduced

0The exact introduced commit is unknown

Fixed

55ea0a085290cd2c8cdfdd960a230cbc38ba8b56

Fixed

00c315cb0c8ab77c67be4a2ac08a71a83ac58751

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

0The exact introduced commit is unknown

Fixed

7ea253ccfeaec99b5684c909dce6d9a6d7ee6486

Type: GIT
Repo: https://github.com/openidc/mod_auth_openidc
Events: Introduced

0The exact introduced commit is unknown

Fixed

e33cd488cb9ce027dae692e06767a0ba7ed5e1de

Affected versions

2.*

2.3.11rc1

v1.*

v1.5

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.6.0

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.10

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.8.8

v1.8.9

v2.*

v2.0.0

v2.0.0rc1

v2.0.0rc4

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.2.0

v2.3.0

v2.3.0rc0

v2.3.0rc3

v2.3.1

v2.3.10

v2.3.10.1

v2.3.10.2

v2.3.11

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4.0

v2.4.0.1

v2.4.0.2

v2.4.0.3

v2.4.0.4

v2.4.1

v2.4.2

v2.4.2.1

v2.4.3

v2.4.4

v2.4.4.1

v2.4.5

v2.4.6

v2.4.7

v2.4.7.1

v2.4.7.2

v2.4.8.1

v2.4.8.2

v2.4.8.3

v2.4.8.4