CVE-2021-32792

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32792
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32792.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32792
Published
2021-07-26T17:15:08Z
Modified
2025-09-19T12:59:10.175348Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using OIDCPreservePost On.

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/openidc/mod_auth_openidc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

2.*

2.3.11rc1

v1.*

v1.5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9

v2.*

v2.0.0
v2.0.0rc1
v2.0.0rc4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.3.0
v2.3.0rc0
v2.3.0rc3
v2.3.1
v2.3.10
v2.3.10.1
v2.3.10.2
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.1
v2.4.0.2
v2.4.0.3
v2.4.0.4
v2.4.1
v2.4.2
v2.4.2.1
v2.4.3
v2.4.4
v2.4.4.1
v2.4.5
v2.4.6
v2.4.7
v2.4.7.1
v2.4.7.2
v2.4.8.1
v2.4.8.2
v2.4.8.3
v2.4.8.4

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "314472623974046352642912142804683208340",
                    "1491808797503525465831243959703973666",
                    "198004564357983767501042946622958992165"
                ]
            },
            "id": "CVE-2021-32792-2ca80fa7",
            "source": "https://github.com/openidc/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/mod_auth_openidc.c"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "126790944525078583180071603865154972295",
                    "137650979746716140781474846618354970485",
                    "41126000354448396496718263785188861327",
                    "206805887279959803728304487681803491049"
                ]
            },
            "id": "CVE-2021-32792-3e92ccd2",
            "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/mod_auth_openidc.h"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "32194573796516897377511631364803745687",
                "length": 1474.0
            },
            "id": "CVE-2021-32792-9765b1e2",
            "source": "https://github.com/openidc/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/mod_auth_openidc.c",
                "function": "oidc_request_post_preserved_restore"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "189670386551080629756125295111748153231",
                    "35038611237783248290866212508015774975",
                    "219442016696800481728242289168819934663"
                ]
            },
            "id": "CVE-2021-32792-9d2adc4e",
            "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/util.c"
            },
            "deprecated": false
        }
    ]
}