CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20479 – mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
https://notcve.org/view.php?id=CVE-2019-20479
20 Feb 2020 — A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. Se detectó un fallo en mod_auth_openidc versiones anteriores a 2.4.1. Se presenta un problema de redireccionamiento abierto en las URL con una barra diagonal y una barra diagonal inversa al principio. An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00036.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14857 – mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes
https://notcve.org/view.php?id=CVE-2019-14857
26 Nov 2019 — A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. Se encontró una fallo en mod_auth_openidc anterior de la versión 2.4.0.1. Existe un problema de redireccionamiento abierto en las URL con barras diagonales en mod_auth_mellon. An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14857 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •