Lucene search
OracleLinuxELSA-2023-6940HistoryNov 18, 2023 - 12:00 a.m.
mod_auth_openidc:2.3 security and bug fix update
2023-11-1800:00:00
linux.oracle.com
7
mod_auth_openidc
security update
bug fix
cjose
cve-2023-37464
aes gcm decryption
jwe
rhbz#2223308
version dependency
auth_openidc.conf
mode 0640
cve-2023-28625
null pointer dereference
oidcstripcookies
crafted cookie header
cve-2022-23527
open redirect
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.3%
cjose
[0.6.1-4]
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE
Resolves: rhbz#2223308
mod_auth_openidc
[2.4.9.4-5]
Related: rhbz#2141850 - fix cjose version dependency
[2.4.9.4-4]
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default
[2.4.9.4-3] - Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
when OIDCStripCookies is set and a crafted Cookie header is supplied
[2.4.9.4-2] - Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
oidc_validate_redirect_url() using tab character
Related
oraclelinux
oraclelinux
mod_auth_openidc security and bug fix update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 00:00:00
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
osv
osv
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 00:00:00
CVE-2022-23527
2022-12-14 18:15:20
nessus
nessus
Oracle Linux 9 : mod_auth_openidc (ELSA-2023-6365)
2023-11-16 00:00:00
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:6940)
2023-11-14 00:00:00
RHEL 9 : mod_auth_openidc (RHSA-2023:6365)
2023-11-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1837-1)
2023-05-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1849-1)
2023-04-17 00:00:00
Fedora: Security Advisory for mod_auth_openidc (FEDORA-2022-e139408490)
2022-12-25 00:00:00
redhat
redhat
(RHSA-2023:6365) Moderate: mod_auth_openidc security and bug fix update
2023-11-07 06:03:12
(RHSA-2023:6940) Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 08:40:59
cvelist
cvelist
cbl_mariner
cbl_mariner
veracode
veracode
NULL Pointer Dereference
2023-08-06 07:40:33
Open Redirect
2022-12-20 09:04:10
fedora
fedora
[SECURITY] Fedora 38 Update: mod_auth_openidc-2.4.13.2-1.fc38
2023-05-31 17:34:01
[SECURITY] Fedora 36 Update: mod_auth_openidc-2.4.12.2-1.fc36
2022-12-25 01:22:44
[SECURITY] Fedora 37 Update: mod_auth_openidc-2.4.12.2-1.fc37
2022-12-25 01:08:49
debiancve
debiancve
CVE-2023-28625
2023-04-03 14:15:07
CVE-2022-23527
2022-12-14 18:15:20
f5
f5
K000134597 : mod_auth_openidc vulnerability CVE-2023-28625
2023-05-12 00:00:00
cve
cve
CVE-2022-23527
2022-12-14 18:15:20
CVE-2023-28625
2023-04-03 14:15:07
nvd
nvd
CVE-2022-23527
2022-12-14 18:15:20
CVE-2023-28625
2023-04-03 14:15:07
prion
prion
Null pointer dereference
2023-04-03 14:15:00
Open redirect
2022-12-14 18:15:00
ubuntucve
ubuntucve
CVE-2023-28625
2023-04-03 00:00:00
CVE-2022-23527
2022-12-14 00:00:00
redhatcve
redhatcve
CVE-2022-23527
2022-12-15 04:04:44
CVE-2023-28625
2023-04-03 18:14:37
debian
debian
[SECURITY] [DSA 5405-1] libapache2-mod-auth-openidc security update
2023-05-18 13:12:35
[SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update
2023-07-18 22:51:29
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
2023-04-30 21:14:15
rosalinux
rosalinux
Advisory ROSA-SA-2024-2362
2024-02-27 09:20:02
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.3%
Related for ELSA-2023-6940