CVE-2021-3639
First published: Fri Jul 09 2021(Updated: )
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Uninett Mod Auth Mellon | <0.18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2021-3639
- https://bugzilla.redhat.com/show_bug.cgi?id=1980648
- https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1988235
- https://access.redhat.com/errata/RHSA-2022:1934
- https://access.redhat.com/security/cve/cve-2021-3639
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3639
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/uninett
- canonical/uninett mod auth mellon