CVE-2022-23527 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-23527 Interim 1 24 2026-03-05T04:47:10Z current 2022-12-17T00:45:34Z 2026-03-05T04:47:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-23527 mod_auth_openidc is an OpenID Certified(tm) authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2023-January/013592.html E-Mail link for SUSE-SU-2023:0215-1 https://lists.suse.com/pipermail/sle-security-updates/2023-May/014721.html E-Mail link for SUSE-SU-2023:1837-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023659.html E-Mail link for SUSE-SU-2025:4532-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Liberty Linux 8 SUSE Liberty Linux 9 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Manager Retail Branch Server 4.2 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Manager Server 4.2 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 openSUSE Leap 15.4 openSUSE Leap 15.6 openSUSE Tumbleweed apache2-mod_auth_openidc apache2-mod_auth_openidc-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-2.4.0-7.9.1 apache2-mod_auth_openidc-2.4.12.2-1.1 apache2-mod_auth_openidc-2.4.17-160000.2.2 apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 cjose-0.6.1-4.module+el8.9.0+19469+5b493da9 cjose-devel-0.6.1-4.module+el8.9.0+19469+5b493da9 mod_auth_openidc-2.4.9.4-4.el9 mod_auth_openidc-2.4.9.4-5.module+el8.9.0+18723+672ccf5d cjose-0.6.1-4.module+el8.9.0+19469+5b493da9 as a component of SUSE Liberty Linux 8 cjose-devel-0.6.1-4.module+el8.9.0+19469+5b493da9 as a component of SUSE Liberty Linux 8 mod_auth_openidc-2.4.9.4-5.module+el8.9.0+18723+672ccf5d as a component of SUSE Liberty Linux 8 mod_auth_openidc-2.4.9.4-4.el9 as a component of SUSE Liberty Linux 9 apache2-mod_auth_openidc-2.3.8-150100.3.22.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 apache2-mod_auth_openidc-2.3.8-150100.3.22.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 apache2-mod_auth_openidc-2.3.8-150100.3.22.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE Linux Enterprise Server 12 SP5 apache2-mod_auth_openidc-2.3.8-150100.3.22.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA apache2-mod_auth_openidc-2.4.17-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE OpenStack Cloud 9 apache2-mod_auth_openidc-2.4.0-7.9.1 as a component of SUSE OpenStack Cloud Crowbar 9 apache2-mod_auth_openidc-2.3.8-150100.3.22.1 as a component of openSUSE Leap 15.4 apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 as a component of openSUSE Leap 15.6 apache2-mod_auth_openidc-2.4.12.2-1.1 as a component of openSUSE Tumbleweed apache2-mod_auth_openidc as a component of SUSE CaaS Platform 4.0 apache2-mod_auth_openidc as a component of SUSE Enterprise Storage 7 apache2-mod_auth_openidc as a component of SUSE Enterprise Storage 7.1 apache2-mod_auth_openidc as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS apache2-mod_auth_openidc as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS apache2-mod_auth_openidc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS apache2-mod_auth_openidc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS apache2-mod_auth_openidc as a component of SUSE Linux Enterprise Server 15 SP1-LTSS apache2-mod_auth_openidc as a component of SUSE Linux Enterprise Server 15 SP2-LTSS apache2-mod_auth_openidc as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 apache2-mod_auth_openidc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 apache2-mod_auth_openidc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 apache2-mod_auth_openidc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 apache2-mod_auth_openidc as a component of SUSE Manager Proxy 4.2 apache2-mod_auth_openidc as a component of SUSE Manager Retail Branch Server 4.2 apache2-mod_auth_openidc as a component of SUSE Manager Server 4.2 mod_auth_openidc is an OpenID Certified(tm) authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. CVE-2022-23527 SUSE Liberty Linux 8:cjose-0.6.1-4.module+el8.9.0+19469+5b493da9 SUSE Liberty Linux 8:cjose-devel-0.6.1-4.module+el8.9.0+19469+5b493da9 SUSE Liberty Linux 8:mod_auth_openidc-2.4.9.4-5.module+el8.9.0+18723+672ccf5d SUSE Liberty Linux 9:mod_auth_openidc-2.4.9.4-4.el9 SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_auth_openidc-2.3.8-150100.3.22.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_auth_openidc-2.3.8-150100.3.22.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 SUSE Linux Enterprise Real Time 15 SP3:apache2-mod_auth_openidc-2.3.8-150100.3.22.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:apache2-mod_auth_openidc-2.4.0-7.9.1 SUSE Linux Enterprise Server 12 SP4-LTSS:apache2-mod_auth_openidc-2.4.0-7.9.1 SUSE Linux Enterprise Server 12 SP5:apache2-mod_auth_openidc-2.4.0-7.9.1 SUSE Linux Enterprise Server 15 SP4-TERADATA:apache2-mod_auth_openidc-2.3.8-150100.3.22.1 SUSE Linux Enterprise Server 16.0:apache2-mod_auth_openidc-2.4.17-160000.2.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_auth_openidc-2.4.0-7.9.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache2-mod_auth_openidc-2.4.0-7.9.1 SUSE OpenStack Cloud 9:apache2-mod_auth_openidc-2.4.0-7.9.1 SUSE OpenStack Cloud Crowbar 9:apache2-mod_auth_openidc-2.4.0-7.9.1 openSUSE Leap 15.4:apache2-mod_auth_openidc-2.3.8-150100.3.22.1 openSUSE Leap 15.6:apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 openSUSE Tumbleweed:apache2-mod_auth_openidc-2.4.12.2-1.1 moderate 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N