Impact
The 3rd-party initiated SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the target_link_uri parameter.
Patches
The OIDCRedirectURLsAllowed setting must be applied to the target_link_uri parameter, see: 03e6bfb
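Because the fix makes target_link_uri subject to the OIDCRedirectURLsAllowed regular expressions, the quality of those expressions now decides what is accepted. The following is an added example, not code from mod_auth_openidc or this advisory: a small audit that runs constructed target_link_uri values against a candidate allowlist. It assumes the patterns are searched without implicit anchoring and uses Python's re module in place of the module's own regex engine; the hostnames and the names LOOSE, STRICT, SAMPLES, is_allowed and audit are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlists written the way OIDCRedirectURLsAllowed values are.
LOOSE = [r"^https://www.example.com"]           # dots unescaped, host end not anchored
STRICT = [r"^https://www\.example\.com(/|$)"]   # host must end at "/" or end of string

# Constructed target_link_uri samples: (value, should the allowlist accept it?)
SAMPLES = [
    ("https://www.example.com/app/home", True),
    ("https://www.example.com", True),
    ("https://www.example.com.other.test/", False),  # allowed name is only a prefix
    ("https://www.example.com@other.test/", False),  # allowed name sits in userinfo
    ("https://wwwXexample.com/", False),             # unescaped "." matches any char
    ("//other.test/", False),                        # scheme-relative URL
]

def is_allowed(url, patterns):
    """True if any pattern matches (unanchored search; an assumption of this example)."""
    return any(re.search(p, url) for p in patterns)

def audit(patterns, samples=SAMPLES):
    """Return (url, real_host) for every sample accepted although it should be rejected."""
    findings = []
    for url, expected_ok in samples:
        if not expected_ok and is_allowed(url, patterns):
            findings.append((url, urlsplit(url).hostname))
    return findings

def blocks_legitimate(patterns, samples=SAMPLES):
    """Return the legitimate samples that the allowlist would wrongly refuse."""
    return [u for u, ok in samples if ok and not is_allowed(u, patterns)]

if __name__ == "__main__":
    for name, pats in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, "wrongly accepts:", audit(pats))
        print(name, "wrongly refuses:", blocks_legitimate(pats))
```

Run it against the expressions you intend to deploy: an empty result from both functions means the allowlist accepts the legitimate samples and nothing else in the sample set.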
Workarounds
NA
References
#672
For more information
If you have any questions or comments about this advisory, you can contact:
The maintainers, by opening an issue on this repository.