Impact
The 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the target_link_uri
parameter.
Patches
The OIDCRedirectURLsAllowed
setting must be applied to the target_link_uri
parameter, see: 03e6bfb
Workarounds
NA
References
https://github.com/zmartzone/mod_auth_openidc/issues/672
For more information
If you have any questions or comments about this advisory, you can contact:
The maintainers, by opening an issue on this repository.
Impact
The 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the
target_link_uri
parameter.Patches
The
OIDCRedirectURLsAllowed
setting must be applied to thetarget_link_uri
parameter, see: 03e6bfbWorkarounds
NA
References
https://github.com/zmartzone/mod_auth_openidc/issues/672
For more information
If you have any questions or comments about this advisory, you can contact:
The maintainers, by opening an issue on this repository.