The OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party (RP) in the LemonLDAP::NG configuration with weaker access control rules than the target RP, and no filtering of redirection URIs.
Max CVSS: 9.8 | EPSS score: 0.47% | Published: 2019-09-25 | Updated: 2020-08-18
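The two preconditions in the entry above (a weaker RP sharing the issuer, and no redirect-URI filtering) combine as follows. The authorization request names the weak RP's client_id, so the issuer evaluates the weak RP's access rule, but it carries the strict RP's callback as redirect_uri, so the code is delivered to the strict RP. The model below is an added example, not LemonLDAP::NG's own code: the RP names, callbacks, groups and the single-rule-per-RP authorization server are constructed, and the vulnerable and fixed issuer logic are placed side by side.

```python
"""Added example (not LemonLDAP::NG code): an OIDC issuer that chooses the
access rule by client_id.  Without exact-match redirect_uri filtering, a user
allowed on the weak "guest-app" RP can have a code sent to the strict
"admin-app" callback.  All RP names, URIs and groups are constructed."""
import secrets
from dataclasses import dataclass


@dataclass
class RelyingParty:
    client_id: str
    redirect_uris: frozenset   # exact callback URIs registered for this RP
    allowed_groups: frozenset  # access rule: groups permitted to reach this RP


# Constructed configuration: guest-app admits every user, admin-app only admins.
RPS = {
    "guest-app": RelyingParty("guest-app",
                              frozenset({"https://guest.example/cb"}),
                              frozenset({"users", "admins"})),
    "admin-app": RelyingParty("admin-app",
                              frozenset({"https://admin.example/cb"}),
                              frozenset({"admins"})),
}


def authorize_vulnerable(client_id, redirect_uri, user_groups):
    """Weak issuer: the rule comes from client_id, redirect_uri is never
    checked, so the code goes wherever the request says."""
    rp = RPS.get(client_id)
    if rp is None:
        return "error=unauthorized_client"
    if not rp.allowed_groups & set(user_groups):
        return "error=access_denied"
    return f"{redirect_uri}?code={secrets.token_urlsafe(16)}"


def authorize_fixed(client_id, redirect_uri, user_groups):
    """Hardened issuer: redirect_uri must be one of the URIs registered for
    the client_id that the rule is evaluated for.  Exact string match, no
    prefix or wildcard matching, and on mismatch no redirect is performed."""
    rp = RPS.get(client_id)
    if rp is None:
        return "error=unauthorized_client"
    if redirect_uri not in rp.redirect_uris:
        return "error=invalid_redirect_uri"
    if not rp.allowed_groups & set(user_groups):
        return "error=access_denied"
    return f"{redirect_uri}?code={secrets.token_urlsafe(16)}"


# Crafted request: weak RP's client_id, strict RP's callback, ordinary user.
CRAFTED = ("guest-app", "https://admin.example/cb", {"users"})
```

On a real deployment the equivalent check is that every RP has its redirection URIs declared and that the issuer rejects any redirect_uri not on that list; the code above shows why the client_id-only rule lookup is not enough on its own.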
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.
Max CVSS: 8.1 | EPSS score: 0.26% | Published: 2019-06-28 | Updated: 2019-08-26
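The XXE entry above is the usual pattern: a server-side XML parser that resolves the DOCTYPE and external entities in attacker-supplied input. The parser below is an added example, not LemonLDAP::NG's notification server, showing the hardening that closes that class of bug: reject any DTD or entity declaration before anything is expanded, using only the standard library's expat bindings. The notification element layout and both sample documents are constructed.

```python
"""Added example (not LemonLDAP::NG code): parse a constructed XML notification
while refusing DOCTYPE, entity declarations and external entity references,
so an XXE payload is rejected before the parser can expand it."""
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when the document declares a DTD or any entity."""


def parse_notification(xml_bytes):
    """Return {'uid', 'title', 'text'} from a constructed document shaped
    <notification uid="..."><title>..</title><text>..</text></notification>.
    Any DOCTYPE or entity declaration aborts parsing with UnsafeXML."""
    fields = {}
    stack = []      # open element names
    chunks = {}     # element name -> character data pieces

    def reject(*_):
        raise UnsafeXML("DOCTYPE and entity declarations are not accepted")

    def start(name, attrs):
        stack.append(name)
        if name == "notification" and "uid" in attrs:
            fields["uid"] = attrs["uid"]

    def end(name):
        stack.pop()
        if name in ("title", "text"):
            fields[name] = "".join(chunks.get(name, [])).strip()

    def chars(data):
        if stack:
            chunks.setdefault(stack[-1], []).append(data)

    p = xml.parsers.expat.ParserCreate()
    p.StartDoctypeDeclHandler = reject     # fires before any entity is defined
    p.EntityDeclHandler = reject           # belt and braces for inline subsets
    p.ExternalEntityRefHandler = reject    # never fetch file:// or http:// refs
    p.StartElementHandler = start
    p.EndElementHandler = end
    p.CharacterDataHandler = chars
    p.Parse(xml_bytes, True)
    return fields


def is_rejected(xml_bytes):
    """True when the document is refused as unsafe, False when it parses."""
    try:
        parse_notification(xml_bytes)
    except UnsafeXML:
        return True
    return False


# Constructed sample: a benign notification.
BENIGN = (b'<?xml version="1.0"?>\n'
          b'<notification uid="alice"><title>Maintenance</title>'
          b'<text>Portal down at 22:00</text></notification>')

# Constructed sample: classic XXE attempt reading a local file via an entity.
XXE = (b'<?xml version="1.0"?>\n'
       b'<!DOCTYPE notification [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>\n'
       b'<notification uid="alice"><title>&xxe;</title>'
       b'<text>x</text></notification>')
```

Rejecting the DOCTYPE outright is the safe default for a service that only ever expects simple documents; parsers that must accept a DTD instead disable entity expansion and external DTD loading, which is the same decision expressed in the library's own options.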
LemonLDAP::NG through 2.0.3 has Incorrect Access Control.
Max CVSS: 9.8 | EPSS score: 1.81% | Published: 2019-05-22 | Updated: 2020-08-24
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
Max CVSS: 7.5 | EPSS score: 0.36% | Published: 2013-01-01 | Updated: 2013-01-07
4 vulnerabilities found