CVE-2021-32792

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions mod auth openidc versions prior to 2.4.9

Description The issue is related to an XSS vulnerability in mod auth openidc when using OIDCPreservePost On. This vulnerability allows a remote attacker to impact the integrity of data. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For mod auth openidc versions prior to 2.4.9, update to version 2.4.9 or later to resolve the issue. As a temporary workaround, consider disabling the OIDCPreservePost On setting until a patch is available. Restrict access to the module to minimize the risk of exploitation. Avoid using the OIDCPreservePost parameter until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2022:1823

AZL-6482

BDU:2022-01785

CESA-2022_1823

CVE-2021-32792

DLA-3409-1

GHSA-458C-7PWG-3J7J

MGASA-2021-0452

OPENSUSE-SU-2021:1277-1

OPENSUSE-SU-2021:3020-1

OPENSUSE-SU-2021_1277-1

OPENSUSE-SU-2021_3020-1

RHSA-2022:1823

RHSA-2022_1823

RLSA-2022:1823

SUSE-SU-2021:3020-1

SUSE-SU-2021:3352-1

SUSE-SU-2025:4532-1

Affected Products

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Mod Auth Openidc

CVE-2021-32792

Weakness Enumeration

Related Identifiers

Affected Products

References · 68