Vulnerability CVE-2019-20479

Vulnerability Name:

CVE-2019-20479 (CCN-176636)

Assigned:

2019-11-12

Published:

2019-11-12

Updated:

2023-05-25

Summary:

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.1 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-20479

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
modauthopen-cve201920479-open-redirect(176636)

Source: cve@mitre.org
Type: Patch
cve@mitre.org

Source: CCN
Type: mod_auth_openidc GIT Repository
Fix open redirect starting with a slash and backslash #453

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-20479

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openidc:mod_auth_openidc:2.4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:51931	P	Security update for expat (Important)	2022-10-01
oval:org.opensuse.security:def:201920479	V	CVE-2019-20479	2022-09-02
oval:org.opensuse.security:def:3466	P	curl-7.60.0-9.8 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95096	P	apache2-mod_auth_openidc-2.3.8-3.15.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:45978	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:64587	P	Security update for webkit2gtk3 (Important)	2021-10-12
oval:org.opensuse.security:def:4223	P	Security update for libaom (Low)	2021-10-12
oval:org.opensuse.security:def:51637	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:23956	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:69520	P	Security update for nodejs8 (Important)	2021-08-20
oval:org.opensuse.security:def:4146	P	Security update for MozillaFirefox (Important)	2021-08-19
oval:org.opensuse.security:def:47033	P	libjansson4-2.7-1.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46971	P	iputils-s20121221-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47891	P	squid-3.5.21-26.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47097	P	libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47128	P	perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47374	P	libmicrohttpd10-0.9.30-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47199	P	ant-1.9.4-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46887	P	apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47425	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47837	P	opie-2.4-724.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:63316	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63503	P	oath-toolkit-2.6.2-1.15 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2227	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63478	P	java-11-openjdk-javadoc-11.0.10.0-3.53.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101342	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62355	P	xorg-x11-7.6_1-1.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62776	P	libavcodec57-3.4.2-9.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100906	P	libdmx-devel-1.1.3-1.23 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62779	P	libcdio16-0.94-6.9.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62159	P	libipa_hbac-devel-1.16.1-21.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62828	P	rtkit-0.11+git.20130926-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62182	P	libnetpbm11-10.80.1-3.11.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62804	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72755	P	perl-PerlMagick-7.0.7.34-10.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62158	P	libidn2-0-2.2.0-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62772	P	libXrandr2-32bit-1.5.1-2.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:4205	P	Security update for caribou (Important)	2021-07-20
oval:org.opensuse.security:def:66862	P	Security update for clamav-database (Important)	2021-07-19
oval:org.opensuse.security:def:74641	P	Security update for xstream (Important)	2021-06-17
oval:org.opensuse.security:def:64529	P	Security update for postgresql12 (Moderate)	2021-06-17
oval:org.opensuse.security:def:46435	P	gv-3.7.4-1.36 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46671	P	gpgme-1.5.1-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46526	P	libvorbis-doc-1.3.3-8.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46736	P	libjasper1-1.900.1-170.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46444	P	java-1_7_0-openjdk-1.7.0.6-33.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46673	P	guestfs-data-1.26.10-4.27 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46583	P	systemtap-2.5-1.37 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46524	P	libupsclient1-2.7.1-4.55 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46642	P	dbus-1-1.8.16-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64699	P	Security update for lz4 (Important)	2021-06-01
oval:org.opensuse.security:def:51897	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:1606	P	Security update for postgresql13 (Moderate)	2021-05-27
oval:org.opensuse.security:def:23900	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:4118	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:64320	P	Security update for zstd (Moderate)	2021-04-08
oval:org.opensuse.security:def:45586	P	Security update for MozillaFirefox (Important)	2021-04-01
oval:org.opensuse.security:def:45585	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:51739	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:52006	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:94193	P	(Important)	2021-02-09
oval:org.opensuse.security:def:4130	P	Security update for gdk-pixbuf (Moderate)	2021-01-21
oval:org.opensuse.security:def:70218	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:23891	P	Security update for openldap2 (Moderate)	2021-01-15
oval:org.opensuse.security:def:66770	P	Security update for ImageMagick (Moderate)	2021-01-15
oval:org.opensuse.security:def:51096	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:69415	P	Security update for openssl-1_1 (Important)	2020-12-09
oval:org.opensuse.security:def:63180	P	salt-api-2018.3.0-3.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62982	P	python3-tools-3.6.10-3.53.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2162	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4087	P	libzypp-devel-16.20.0-2.39.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62630	P	gcab-1.1-1.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63275	P	libicu60_2-60.2-3.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117130	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63635	P	libraw-devel-0.18.9-3.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4033	P	libpng16-compat-devel-1.6.8-14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63251	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4025	P	libotr-devel-4.0.0-9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62962	P	libpcp-devel-4.3.1-3.8.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63625	P	libgadu-devel-1.12.2-1.44 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107572	P	apache2-mod_auth_openidc-2.3.8-3.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4045	P	librelp-devel-1.2.12-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4261	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4899	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:4247	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4920	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-02
oval:org.opensuse.security:def:4254	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4257	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:45598	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:46103	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:50933	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:63877	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:74774	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:63854	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:24537	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:49993	P	apache2-mod_wsgi-python3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24196	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:64427	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73435	P	libmms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24563	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:24905	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25723	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:45711	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:46237	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:63932	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:45991	P	Security update for gdb (Moderate)	2020-12-01
oval:org.opensuse.security:def:51825	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:50543	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:63982	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:45977	P	Security update for ibus (Important)	2020-12-01
oval:org.opensuse.security:def:50047	P	apache2-mod_auth_openidc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64183	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:24549	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:72873	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:24266	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:24992	P	Security update for polkit (Important)	2020-12-01
oval:org.opensuse.security:def:53282	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:24293	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:24619	P	Security update for file (Moderate)	2020-12-01
oval:org.opensuse.security:def:25225	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:64017	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:24283	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:45895	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:46111	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:50565	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:51200	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:63739	P	Security update for polkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:50542	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:64319	P	libcaca-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24587	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:53351	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:24074	P	Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24409	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25006	P	Security update for apache-commons-beanutils (Important)	2020-12-01
oval:org.opensuse.security:def:73553	P	apache2-mod_auth_openidc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24356	P	Security update for webkit2gtk3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24702	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:66092	P	Security update for SUSE Manager Server 4.0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25688	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:46019	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:46303	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:50698	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:51364	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:63837	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:70113	P	libraptor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24147	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24458	P	Security update for gstreamer-plugins-base (Important)	2020-12-01
oval:org.opensuse.security:def:25050	P	Security update for nfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:66184	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:24482	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:24852	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25257	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20203970	P	RHSA-2020:3970: mod_auth_openidc security update (Low)	2020-09-29
oval:com.redhat.rhsa:def:20203032	P	RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate)	2020-07-21
oval:org.opensuse.security:def:110436	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-03-25
oval:org.opensuse.security:def:98737	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-03-17
oval:org.opensuse.security:def:91787	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-03-17
oval:org.opensuse.security:def:105427	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-03-17
oval:org.opensuse.security:def:126571	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-03-17
oval:org.opensuse.security:def:88995	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-03-17

BACK