Open Redirect

2022-12-2009:04:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

open redirect

software

apache

0.001 Low

EPSS

Percentile

42.0%

JSON

libapache2-mod-auth-openidc is vulnerable to open redirect. When provided with a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect.

CPENameOperatorVersion
libapache2-mod-auth-openidc:sideq2.4.4.1-1
libapache2-mod-auth-openidc:sideq2.4.4.1-1
libapache2-mod-auth-openidc:bullseyeeq2.4.9-1
libapache2-mod-auth-openidc:bullseyeeq2.4.4.1-1

Name	Operator	Version
libapache2-mod-auth-openidc:sid	eq	2.4.4.1-1
libapache2-mod-auth-openidc:sid	eq	2.4.4.1-1
libapache2-mod-auth-openidc:bullseye	eq	2.4.9-1
libapache2-mod-auth-openidc:bullseye	eq	2.4.4.1-1