*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Eduardo Barretto (ebarretto):
Versions up to and including 2.4.16.10 CVE-2025-31492 When doing authentication, and when configured with OIDCProviderAuthRequestMethod POST, the protected resource is appended to the normal http response. This exposes protected data to people who have not been authenticated/authorised. https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-59jp- rwph-878r ** Affects: libapache2-mod-auth-openidc (Ubuntu) Importance: Undecided Status: New ** Tags: community-security -- OIDCProviderAuthRequestMethod POST leaks protected data https://bugs.launchpad.net/bugs/2106320 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
