
Cloud Vulnerability DB
A community-led vulnerabilities database
A security vulnerability (CVE-2019-20479) was discovered in mod_auth_openidc before version 2.4.1. The vulnerability is characterized by an open redirect issue that exists in URLs with a slash and backslash at the beginning. This flaw affects the OpenID Connect authentication module for Apache HTTP Server, which enables Apache to operate as an OpenID Connect Relying Party and OAuth 2.0 Resource Server (NVD, Debian Tracker).
The vulnerability stems from insufficient validation of URLs that begin with a slash and backslash combination (/\). When processing such URLs, the module fails to properly validate the redirect destination, potentially allowing malicious redirects. The issue was discovered and reported in late 2019, with a CVSS v3 score of 6.1 indicating moderate severity (Red Hat Portal).
The vulnerability could allow an attacker to perform open redirect attacks. When exploited, an attacker could redirect users to malicious websites, potentially leading to phishing attacks or other malicious activities. This is particularly concerning in the context of authentication systems where users might be tricked into providing credentials to illegitimate websites (Debian LTS).
The vulnerability was fixed in mod_auth_openidc version 2.4.1 and later releases. Organizations are strongly recommended to upgrade to the patched version. Various distributions have released security updates to address this vulnerability, including Debian, Fedora, and Red Hat Enterprise Linux (Fedora Update, Red Hat Advisory).
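For applications that accept their own post-login redirect targets, the following added example (not code from mod_auth_openidc or from this advisory) shows a strict check for the slash-and-backslash prefix described above. The function name `is_safe_local_redirect` and the sample URLs are hypothetical, and the check assumes the target is validated in the exact form that is sent in the `Location` header.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not mod_auth_openidc code: accept only a path-only
 * redirect target that stays on the current site. Assumes `target` is the
 * exact string that will be written to the Location header. */
bool is_safe_local_redirect(const char *target)
{
    bool in_path = true;

    if (target == NULL || target[0] != '/')
        return false;   /* absolute URLs and empty values are refused */

    /* "//host" is protocol-relative, and browsers read '\' as '/' in
     * http(s) URLs, so "/\host" resolves to another host as well. */
    if (target[1] == '/' || target[1] == '\\')
        return false;

    for (const unsigned char *p = (const unsigned char *)target; *p; p++) {
        /* Browsers drop tab, CR and LF before parsing, and CR/LF would
         * also split the response header. */
        if (*p < 0x20 || *p == 0x7f)
            return false;
        if (*p == '?' || *p == '#')
            in_path = false;    /* query and fragment cannot change the host */
        if (in_path && *p == '\\')
            return false;       /* conservative: no backslash in the path */
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs; example.test is a reserved test domain. */
    const char *samples[] = {
        "/protected/index.html", "/app?next=a\\b", "//example.test/login",
        "/\\example.test/login", "/\t/example.test", "https://example.test/",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-5s %s\n",
               is_safe_local_redirect(samples[i]) ? "allow" : "deny",
               samples[i]);
    return 0;
}
```

A check like this complements, and does not replace, upgrading to mod_auth_openidc 2.4.1 or later.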
Source: This report was generated using AI