Headline
CVE-2021-3639: Invalid Bug ID
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
‘1980648?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
Red Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled
Red Hat Security Advisory 2022-1934-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3639: mod_auth_mellon: Open Redirect vulnerability in logout URLs