Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/09/2023 Updated: 08/10/2023

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 0

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG prior to 2.17.1 allows authenticated remote malicious users to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lemonldap-ng lemonldap\\ \\

CWE-918 https://security.lauritz-holtmann.de/post/sso-security-ssrf/https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998 https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.17.1 https://lists.debian.org/debian-lts-announce/2023/10/msg00014.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-44469

Vulnerability Summary

References

Vulmon Search

About

Products

Connect