ReportizFlow
Filtered by vendor Lemonldap-ng
Subscriptions
Filtered by product Lemonldap-ng
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52946 | 1 Lemonldap-ng | 1 Lemonldap-ng | 2024-11-21 | 8.8 High |
| An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. | ||||
| CVE-2021-35473 | 1 Lemonldap-ng | 1 Lemonldap-ng | 2024-11-19 | 9.1 Critical |
| An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4. | ||||
| CVE-2024-48933 | 1 Lemonldap-ng | 2 Lemonldap-ng, Lemonldap\ | 2024-10-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | ||||
| CVE-2024-45160 | 1 Lemonldap-ng | 1 Lemonldap-ng | 2024-10-10 | 9.1 Critical |
| Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). | ||||
Page 1 of 1.