CVE-2021-32792

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32792
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32792.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32792
Downstream
Related
Published
2021-07-26T17:15:08Z
Modified
2025-10-22T17:17:48.280743Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost On.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7ea253ccfeaec99b5684c909dce6d9a6d7ee6486

Git / github.com/openidc/mod_auth_openidc

Affected ranges

Type
GIT
Repo
https://github.com/openidc/mod_auth_openidc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
00c315cb0c8ab77c67be4a2ac08a71a83ac58751
Fixed
55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
Fixed
e33cd488cb9ce027dae692e06767a0ba7ed5e1de

Affected versions

2.*

2.3.11rc1

v1.*

v1.5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9

v2.*

v2.0.0
v2.0.0rc1
v2.0.0rc4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.3.0
v2.3.0rc0
v2.3.0rc3
v2.3.1
v2.3.10
v2.3.10.1
v2.3.10.2
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.1
v2.4.0.2
v2.4.0.3
v2.4.0.4
v2.4.1
v2.4.2
v2.4.2.1
v2.4.3
v2.4.4
v2.4.4.1
v2.4.5
v2.4.6
v2.4.7
v2.4.7.1
v2.4.7.2
v2.4.8.1
v2.4.8.2
v2.4.8.3
v2.4.8.4

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2021-32792-10ca039b",
        "signature_version": "v1",
        "digest": {
            "length": 1476.0,
            "function_hash": "134273641498415805765749425121800175682"
        },
        "target": {
            "function": "oidc_request_post_preserved_restore",
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-25df0d51",
        "signature_version": "v1",
        "digest": {
            "length": 360.0,
            "function_hash": "136044392917554159184061674851056105432"
        },
        "target": {
            "function": "oidc_session_redirect_parent_window_to_logout",
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-2ca80fa7",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314472623974046352642912142804683208340",
                "1491808797503525465831243959703973666",
                "198004564357983767501042946622958992165"
            ]
        },
        "target": {
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-3e92ccd2",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "126790944525078583180071603865154972295",
                "137650979746716140781474846618354970485",
                "41126000354448396496718263785188861327",
                "206805887279959803728304487681803491049"
            ]
        },
        "target": {
            "file": "src/mod_auth_openidc.h"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-549e5144",
        "signature_version": "v1",
        "digest": {
            "length": 1640.0,
            "function_hash": "237520937193784482164628943986336601242"
        },
        "target": {
            "function": "oidc_post_preserve_javascript",
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-9765b1e2",
        "signature_version": "v1",
        "digest": {
            "length": 1474.0,
            "function_hash": "32194573796516897377511631364803745687"
        },
        "target": {
            "function": "oidc_request_post_preserved_restore",
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-9d2adc4e",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "189670386551080629756125295111748153231",
                "35038611237783248290866212508015774975",
                "219442016696800481728242289168819934663"
            ]
        },
        "target": {
            "file": "src/util.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "id": "CVE-2021-32792-f8a159e8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "132407694548922774997181645150456931171",
                "257801777161133338820853944724280729024",
                "325745404983420543281235593539047383681",
                "315149006705962051829339402809866983693",
                "67433481031604839774467156630643067030",
                "93256075459576324789357033862129141911",
                "108068871053063075548760282624915422522",
                "335337076801478368188608850237170768186",
                "302697593088082459430922759172939642152",
                "15406283206120863991725021371598058904",
                "7419004765871298284781784281769961464",
                "43780330198651545422736535160183086906"
            ]
        },
        "target": {
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56",
        "signature_type": "Line"
    }
]