mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to an open redirect. When a logout parameter is supplied as the redirect URI, the existing code in oidc_validate_redirect_url() does not properly reject URLs that start with `/\t`, so the check can be bypassed and the user redirected to an attacker-chosen destination. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression via the OIDCRedirectURLsAllowed directive.
{ "vanir_signatures": [ { "digest": { "length": 399.0, "function_hash": "81706185336971633706660646791497957740" }, "source": "https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8", "signature_type": "Function", "target": { "function": "oidc_util_strcasestr", "file": "src/util.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-23527-0aff18d3" }, { "digest": { "line_hashes": [ "317587646839988384335544444821295524994", "232466779908525399908685984565077850079", "287349060155973921930124710969158894155", "138747220604910769434861909082543655786" ], "threshold": 0.9 }, "source": "https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8", "signature_type": "Line", "target": { "file": "src/util.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-23527-1f788647" }, { "digest": { "line_hashes": [ "329043496957843601538334703668873551595", "220837559738213660945014665071012017553", "240851835599655375470559027458109868308", "73434580951236204721615529336133750787", "206975829462892476830439541553072223635", "55818927941714811651452162989743566586", "284356806062111522693580815168782423949", "162552974141509579955451404143922797069", "75760300558805594534194665824513800473", "14553734292797652668369146879601252775", "12739086773718225398549399016188548252" ], "threshold": 0.9 }, "source": "https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8", "signature_type": "Line", "target": { "file": "src/mod_auth_openidc.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-23527-816577e1" }, { "digest": { "line_hashes": [ "2785876189190350754405776347275299719", "3592429317556836374456780986196056533", "6179956261559369531962072056942313233", "307681414870826943167474577582467319747" ], "threshold": 0.9 }, "source": "https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8", 
"signature_type": "Line", "target": { "file": "src/mod_auth_openidc.h" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-23527-a7f6cbbe" }, { "digest": { "length": 3976.0, "function_hash": "46575860521880827060260033404068331985" }, "source": "https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8", "signature_type": "Function", "target": { "function": "oidc_validate_redirect_url", "file": "src/mod_auth_openidc.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-23527-e8355faa" } ] }