ID CVE-2019-20479
Summary A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
References
Vulnerable Configurations
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:1.8.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.11:-:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.3.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zmartzone:mod_auth_openidc:2.4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 01-01-2022 - 19:39)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  MEDIUM      NONE
Impact
Confidentiality  Integrity  Availability
PARTIAL          PARTIAL    NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1844107
    title Module stream mod_auth_openidc:2.3 does not have correct module.md file [rhel-8.2.0.z]
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • comment Module mod_auth_openidc:2.3 is enabled
        oval oval:com.redhat.rhsa:tst:20203032011
      • OR
        • AND
          • comment cjose is earlier than 0:0.6.1-2.module+el8+2454+f890a43a
            oval oval:com.redhat.rhsa:tst:20203032001
          • comment cjose is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203032002
        • AND
          • comment cjose-debugsource is earlier than 0:0.6.1-2.module+el8+2454+f890a43a
            oval oval:com.redhat.rhsa:tst:20203032003
          • comment cjose-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203032004
        • AND
          • comment cjose-devel is earlier than 0:0.6.1-2.module+el8+2454+f890a43a
            oval oval:com.redhat.rhsa:tst:20203032005
          • comment cjose-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203032006
        • AND
          • comment mod_auth_openidc is earlier than 0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
            oval oval:com.redhat.rhsa:tst:20203032007
          • comment mod_auth_openidc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192112002
        • AND
          • comment mod_auth_openidc-debugsource is earlier than 0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
            oval oval:com.redhat.rhsa:tst:20203032009
          • comment mod_auth_openidc-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203032010
    rhsa
    id RHSA-2020:3032
    released 2020-07-21
    severity Moderate
    title RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate)
  • bugzilla
    id 1805102
    title CVE-2019-20479 mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment mod_auth_openidc is earlier than 0:1.8.8-7.el7
        oval oval:com.redhat.rhsa:tst:20203970001
      • comment mod_auth_openidc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20192112002
    rhsa
    id RHSA-2020:3970
    released 2020-09-29
    severity Low
    title RHSA-2020:3970: mod_auth_openidc security update (Low)
rpms
  • cjose-0:0.6.1-2.module+el8+2454+f890a43a
  • cjose-debuginfo-0:0.6.1-2.module+el8+2454+f890a43a
  • cjose-debugsource-0:0.6.1-2.module+el8+2454+f890a43a
  • cjose-devel-0:0.6.1-2.module+el8+2454+f890a43a
  • mod_auth_openidc-0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
  • mod_auth_openidc-debuginfo-0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
  • mod_auth_openidc-debugsource-0:2.3.7-4.module+el8.2.0+6919+ac02cfd2.3
  • mod_auth_openidc-0:1.8.8-7.el7
  • mod_auth_openidc-debuginfo-0:1.8.8-7.el7
refmap via4
fedora
  • FEDORA-2020-1106ece93a
  • FEDORA-2020-33d51234cd
misc
mlist
  • [debian-lts-announce] 20200229 [SECURITY] [DLA 2130-1] libapache2-mod-auth-openidc security
  • [debian-lts-announce] 20200729 [SECURITY] [DLA 2298-1] libapache2-mod-auth-openidc security update
suse openSUSE-SU-2020:0376
Last major update 01-01-2022 - 19:39
Published 20-02-2020 - 06:15
Last modified 01-01-2022 - 19:39