CVE-2021-39191
URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x, que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Connect. En las versiones anteriores a 2.4.9.4, la funcionalidad de SSO init de terceros de mod_auth_openidc era vulnerable a un ataque de redirección abierta mediante el suministro de una URL diseñada en el parámetro "target_link_uri". Un parche en la versión 2.4.9.4 hizo que la configuración "OIDCRedirectURLsAllowed" se aplicara al parámetro "target_link_uri". No se conocen soluciones aparte de la actualización a una versión parcheada
A open redirect flaw was found in mod_auth_openidc where it does not sanitize target_link_uri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. As a result of this redirection victim users may give more credibility to the attacker controlled server because coming from a trusted application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-16 CVE Reserved
- 2021-09-03 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9.4 | Release Notes | |
| https://lists.debian.org/debian-lts-announce/2023/07/msg00020.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/zmartzone/mod_auth_openidc/issues/672 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openidc Search vendor "Openidc" | Mod Auth Openidc Search vendor "Openidc" for product "Mod Auth Openidc" | < 2.4.9.4 Search vendor "Openidc" for product "Mod Auth Openidc" and version " < 2.4.9.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||