LemonLDAP::NG 2.0.15

CPE Details

2023-04-20 16h22 +00:00
2023-07-08 01h13 +00:00

CPE Name: cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:2.0.15:*:*:*:*:*:*:*

Information

Vendor: lemonldap-ng

Product: lemonldap::ng

Version: 2.0.15

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2024-48933 | 2024-10-08 22h00 +00:00 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | 6.1 | Medium |
| CVE-2023-44469 | 2023-09-28 22h00 +00:00 | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. | 4.3 | Medium |
| CVE-2023-28862 | 2023-03-31 00h00 +00:00 | An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session. | 9.8 | Critical |