Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lemonldap:: vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-19791
In LemonLDAP::NG (aka lemonldap-ng) prior to 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypa...
Lemonldap-ng Lemonldap\\ \\
NA
CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG prior to 2.17.1 allows authenticated remote malicious users to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
Lemonldap-ng Lemonldap\\ \\
668
VMScore
CVE-2012-6426
LemonLDAP::NG prior to 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote malicious users to bypass intended access-control restrictions via crafted SAML data.
Lemonldap-ng Lemonldap\\ \\
NA
CVE-2023-28862
An issue exists in LemonLDAP::NG prior to 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow malicious users to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does ...
Lemonldap-ng Lemonldap\\ \\
NA
CVE-2022-37186
In LemonLDAP::NG prior to 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed...
Lemonldap-ng Lemonldap\\ \\
NA
CVE-2020-16093
In LemonLDAP::NG (aka lemonldap-ng) up to and including 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
NA
CVE-2021-40874
An issue exists in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combina...
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
668
VMScore
CVE-2019-12046
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 9.0
668
VMScore
CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x up to and including 2.0.5 may allow an malicious user to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with we...
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
668
VMScore
CVE-2020-24660
An issue exists in LemonLDAP::NG up to and including 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions prior to 0.5.2 of the "Lemonldap::NG handler for Node.js&...
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »