Home > Vulnerability Database > CVE-2021-3639

Mend.io Vulnerability Database

CVE-2021-3639

Date: August 22, 2022

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.

Severity Score

6.1

Related Resources (8)

Url: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5

Url: https://access.redhat.com/security/cve/CVE-2021-3639

Url: https://access.redhat.com/errata/RHSA-2022:1934

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3639

Url: https://security-tracker.debian.org/tracker/CVE-2021-3639

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1980648

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3639

Url: https://www.mend.io/vulnerability-database/CVE-2021-3639

Severity Score

6.1

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3639

Date: August 22, 2022

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?