LemonLDAP::NG 2.0.14

CPE Details

LemonLDAP::NG 2.0.14
lemonldap-ng
lemonldap::ng
2.0.14
2022-07-21
14h28 +00:00
2022-07-26
12h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:2.0.14:*:*:*:*:*:*:*

Informations

Vendor

lemonldap-ng

Product

lemonldap::ng

Version

2.0.14

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-48933 2024-10-08 22h00 +00:00 A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.
6.1
Medium
CVE-2023-44469 2023-09-28 22h00 +00:00 A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
4.3
Medium
CVE-2022-37186 2023-04-16 00h00 +00:00 In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.
5.9
Medium
CVE-2023-28862 2023-03-31 00h00 +00:00 An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.
9.8
Critical