166 matches found
PYSEC-2026-384 Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...
CVE-2026-55165
creationtimestamp| type| source ---|---|--- 2026-06-26 00:35:05+00:00| published-proof-of-concept| https://github.com/Netflix/lemur/security/advisories/GHSA-r9gp-7f88-9r54...
CVE-2026-55166
creationtimestamp| type| source ---|---|--- 2026-06-26 00:35:02+00:00| published-proof-of-concept| https://github.com/Netflix/lemur/security/advisories/GHSA-v2wp-frmc-5q3v...
CVE-2026-55162
creationtimestamp| type| source ---|---|--- 2026-06-25 22:35:02+00:00| published-proof-of-concept| https://github.com/Netflix/lemur/security/advisories/GHSA-54vg-pfh7-jq95...
GHSA-V2WP-FRMC-5Q3V Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...
GHSA-R9GP-7F88-9R54 Lemur: JWT verifier honors attacker-supplied alg, enabling ATO
Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap; chain-dependent ATO with secret disclosure Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap;...
GHSA-X3VF-MGXJ-7785 Lemur Privilege Escalation: Non-admin role members can rewrite role membership via PUT /api/1/roles/<id>
Summary The PUT /api/1/roles/ handler in lemur/roles/views.py gates only on RoleMemberPermissionroleid.can, which is satisfied for any user who is already a member of the target role. The handler then passes data"users" and data"name" directly to service.update, permitting any role member to...
GHSA-QCQW-JWXC-2HQG Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
Summary StrictRolePermission and AuthorityCreatorPermission in lemur/auth/permissions.py call flaskprincipal.Permission.init with zero Needs when their config flags are unset. Both flags defaulted to False in code prior to the fix, so this was the state of any Lemur install that hadn't explicitly...
PT-2026-52657
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description Lemur is a TLS certificate management service that contains a critical authorization break resulting from a chain of three issues. First, the service auto-provisions new SSO identities as active withou...
PT-2026-52643
Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description An authorization bypass exists in the StrictRolePermission and AuthorityCreatorPermission classes within lemur/auth/permissions.py. When the configuration flags LEMUR STRICT ROLE ENFORCEMENT an...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44305 Lemur: LDAP TLS certificate verification globally disabled enables credential interception
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...
CVE-2026-44305
CVE-2026-44305 affects Lemur when LDAP_USE_TLS is True. The LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level, causing any MITM between Lemur and the LDAP server to intercept credentials and potentially modify responses. This vulnerab...
CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304
Summary: Lemur’s LDAP authentication module (lemur/auth/ldap.py) constructs LDAP filters using unsanitized username input, enabling a post-authentication LDAP filter injection that can modify group membership queries and escalate privileges to administrator. This affects Lemur prior to version 1....
CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
lemur 信任管理问题漏洞
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...