Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 8:29 a.m.7 views

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...

8.2CVSS6AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-54948

Name of the Vulnerable Software and Affected Versions PIA affected versions not specified Description The OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check instead of validating the issuer as a properly host-bounded URL. This allows an attacker to bypass the check using a...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/22 7:37 p.m.4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the audit logging process. An attacker can obtain sensitive information by accessing improperly redacted HTTP request bodies recorded in audit logs. This may expose short-lived...

7.5CVSS6.5AI score0.00286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/08 12:0 a.m.38 views

Debian dla-3612 : lemonldap-ng - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3612 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3612-1 [email protected] https://www.debian.org/lts/security/...

4.3CVSS5.1AI score0.00549EPSS
Exploits0References4
NVD
NVD
added 2023/09/29 7:15 a.m.34 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

4.3CVSS4.8AI score0.00549EPSS
Exploits0References4
OSV
OSV
added 2023/09/29 7:15 a.m.36 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

4.3CVSS7.2AI score0.00549EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/09/29 12:0 a.m.35 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

5.2AI score0.00549EPSS
Exploits0References4
CVE
CVE
added 2023/09/29 12:0 a.m.74 views

CVE-2023-44469

CVE-2023-44469 affects LemonLDAP::NG OpenID Connect Issuer (before 2.17.1). A Server-Side Request Forgery allows authenticated remote attackers to cause GET requests to arbitrary URLs via the request_uri parameter. Debian LTS advisory DLA-3612-1 confirms the vulnerability and fixes in LemonLDAP::...

4.3CVSS4.7AI score0.00549EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder