10 matches found
CVE-2019-12046
LemonLDAP::NG -2.0.3 has Incorrect Access Control...
CVE-2019-12046
LemonLDAP::NG -2.0.3 has Incorrect Access Control...
CVE-2019-12046
creationtimestamp| type| source ---|---|--- 2019-05-22 15:48:20+00:00| seen| https://t.me/cvemitreorg/125...
CVE-2019-12046
Summary: CVE-2019-12046 affects LemonLDAP::NG -2.0.3 and is due to Incorrect Access Control. The issue has been observed across multiple advisories and OSV/Red Hat entries, confirming a vulnerability in the 2.0.3 line. The NVD/NIST entry notes high severity (CVSS v3: CRITICAL, 9.8) with network i...
CVE-2019-12046
LemonLDAP::NG -2.0.3 has Incorrect Access Control...
Debian: Security Advisory (DLA-1790-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1790-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.3.3-1+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 Erratum: bad versions An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enable and the administrator has chosen to store SAML/CAS tokens in the session...
[SECURITY] [DLA 1791-1] lemonldap-ng security update
Package : lemonldap-ng Version : 1.9.7-3+deb9u1 CVE ID : CVE-2019-12046 Debian Bug : 928944 An attack vector was discovered by the lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store the SAML/CAS tokens in the session database, an...
Debian DSA-4446-1 : lemonldap-ng - security update
It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the 'tokenUseGlobalStorage'option is enabled, which could grant users with access to the main session database access to an anonymous session. C Tenable Network Security, Inc. The...
[SECURITY] [DSA 4446-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4446-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2019 https://www.debian.org/security/faq -...