PT-2023-29248 · Unknown · LemonLDAP::NG
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.17.1
Description: A Server-Side Request Forgery issue in the OpenID Connect Issuer allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter...
UBUNTU-CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the...