Lucene search
+L

4 matches found

osv
osv
added 2026/06/25 10:7 p.m.9 views

GHSA-V2WP-FRMC-5Q3V Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

9.9CVSS6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.17 views

PT-2026-52657

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description Lemur is a TLS certificate management service that contains a critical authorization break resulting from a chain of three issues. First, the service auto-provisions new SSO identities as active withou...

9.9CVSS5.8AI score
Exploits0References9
cvelist
cvelist
added 2026/05/12 9:27 p.m.66 views

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

8.1CVSS0.00179EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

lemur 注入漏洞

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References2
Rows per page
Query Builder