Skip to main content

Lemonldap

9 CVEs product

Monthly

CVE-2024-48933 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lemonldap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-44469 MEDIUM PATCH This Month

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Lemonldap
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-28862 CRITICAL POC Act Now

An issue was discovered in LemonLDAP::NG before 2.16.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lemonldap
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-35472 HIGH POC PATCH This Week

An issue was discovered in LemonLDAP::NG before 2.0.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lemonldap Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-24660 npm CRITICAL POC PATCH Act Now

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Nginx Lemonldap Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-15941 CRITICAL Act Now

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lemonldap Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-13031 HIGH This Week

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Lemonldap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-12046 CRITICAL POC Act Now

LemonLDAP::NG -2.0.3 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lemonldap Debian Linux
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2012-6426 HIGH PATCH This Week

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Lemonldap
NVD
CVSS 2.0
7.5
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lemonldap
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Lemonldap
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in LemonLDAP::NG before 2.16.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lemonldap
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in LemonLDAP::NG before 2.0.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lemonldap Debian Linux
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Nginx +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lemonldap Debian Linux
NVD
EPSS 2% CVSS 8.1
HIGH This Week

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Lemonldap Debian Linux
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

LemonLDAP::NG -2.0.3 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lemonldap Debian Linux
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Lemonldap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy