CVE-2019-15941
Published: Sep 25, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1881 (x_refsource_MISC)
- DSA-4533 (vendor-advisory, x_refsource_DEBIAN)
- 20190926 [SECURITY] [DSA 4533-1] lemonldap-ng security update (mailing-list, x_refsource_BUGTRAQ)