Lemonldap Ng
Monthly
Open redirect in LemonLDAP::NG versions up to and including 2.23.0 allows unauthenticated remote attackers to manipulate the `url` argument within the SAML Common Domain Cookie (CDC) endpoint, causing authenticated SSO users to be silently forwarded to arbitrary attacker-controlled domains. The SSO context makes this particularly high-consequence for phishing: victims trust the identity provider's domain, lowering suspicion of the crafted redirect URL. Publicly available exploit code exists (CVSS 4.0 E:P); no vendor patch has been confirmed, as the vendor was unresponsive to responsible disclosure by VulDB.
Open redirect in LemonLDAP::NG versions up to and including 2.23.0 allows unauthenticated remote attackers to manipulate the `url` argument within the SAML Common Domain Cookie (CDC) endpoint, causing authenticated SSO users to be silently forwarded to arbitrary attacker-controlled domains. The SSO context makes this particularly high-consequence for phishing: victims trust the identity provider's domain, lowering suspicion of the crafted redirect URL. Publicly available exploit code exists (CVSS 4.0 E:P); no vendor patch has been confirmed, as the vendor was unresponsive to responsible disclosure by VulDB.