CVE-2021-3639

Summary

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
n/amod_auth_mellonFixed in v0.18.0affected

Weaknesses

  • CWE-601: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References