155 matches found
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44305 Lemur: LDAP TLS certificate verification globally disabled enables credential interception
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...
CVE-2026-44305
CVE-2026-44305 affects Lemur when LDAP_USE_TLS is True. The LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level, causing any MITM between Lemur and the LDAP server to intercept credentials and potentially modify responses. This vulnerab...
CVE-2026-44304
Summary: Lemur’s LDAP authentication module (lemur/auth/ldap.py) constructs LDAP filters using unsanitized username input, enabling a post-authentication LDAP filter injection that can modify group membership queries and escalate privileges to administrator. This affects Lemur prior to version 1....
CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
lemur 注入漏洞
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...
lemur 信任管理问题漏洞
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...
LDAP Injection
Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the username field during the authentication process. An attacker can escalate privileges and gain unauthorized access to sensitive...
Improper Certificate Validation
Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Improper Certificate Validation in the ldap process. An attacker can intercept authentication credentials and modify LDAP responses by performing a man-in-the-middle attack...
EUVD-2025-117232
Malicious code in mental-coral-lemur npm...
EUVD-2025-117281
Malicious code in junior-azure-lemur npm...
Malicious code in brainy_lemur_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678d9b348696f0d98fe04d73abd552d42247e07fb8f26f5bed088796b464df0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-100966
Malicious code in brokenlemurz3n npm...
MAL-2025-120042 Malicious code in few_lemur_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff2a973e6afd4f89a1462ff3064a6be774b7fb50edd41701168eac7af5a7e1d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-95257
Malicious code in romanticlemurz3n npm...
EUVD-2025-96461
Malicious code in medievallemurz3n npm...
EUVD-2025-95881
Malicious code in originallemurz3n npm...