CVE-2019-12046

Published: 22/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

LemonLDAP::NG -2.0.3 has Incorrect Access Control.

Vulnerable Product

lemonldap-ng lemonldap

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #928944: CVE-2019-12046: lemonldap-ng tokens allows anonymous session when stored in session DB. Package: liblemonldap-ng-portal-perl; Maintainer for liblemonldap-ng-portal-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for liblemonldap-ng-portal-perl is src:lemonldap-ng (PTS, ...

It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the tokenUseGlobalStorage option is enabled, which could grant users with access to the main session database access to an anonymous session. For the stable distribution (stretch), this problem has been fixed in version 1.9.7-3+deb9u1. We re ...