CPE-9FCA0E72-E147-4401-A174-2582E3429B9B Detail

CPE Details

LemonLDAP::NG 1.4.1

Vendor

lemonldap-ng

Product

lemonldap::ng

Version

1.4.1

Created

2019-07-11
12h06 +00:00

Modified

2019-07-11
12h06 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.4.1:::::::*

Informations

Vendor

lemonldap-ng

Product

lemonldap::ng

Version

1.4.1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-48933	2024-10-08 22h00 +00:00	A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.	6.1	Medium
CVE-2023-44469	2023-09-28 22h00 +00:00	A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.	4.3	Medium
CVE-2019-19791	2023-05-28 22h00 +00:00	In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.	9.8	Critical
CVE-2022-37186	2023-04-16 00h00 +00:00	In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.	5.9	Medium
CVE-2023-28862	2023-03-31 00h00 +00:00	An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.	9.8	Critical
CVE-2020-16093	2022-07-16 22h00 +00:00	In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.	7.5	High
CVE-2021-35472	2021-07-27 03h32 +00:00	An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.	8.8	High
CVE-2020-24660	2020-09-14 10h51 +00:00	An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package.	9.8	Critical

LemonLDAP::NG 1.4.1

CPE Details

CPE Name: cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.4.1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.4.1:::::::*