LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
Privilege Escalation
Lemonldap
NVD
CVSS 2.0
7.5
EPSS
0.3%