8 matches found
CVE-2026-14336
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...
PT-2026-54948
Name of the Vulnerable Software and Affected Versions PIA affected versions not specified Description The OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check instead of validating the issuer as a properly host-bounded URL. This allows an attacker to bypass the check using a...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the audit logging process. An attacker can obtain sensitive information by accessing improperly redacted HTTP request bodies recorded in audit logs. This may expose short-lived...
Debian dla-3612 : lemonldap-ng - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3612 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3612-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...
CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...
CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...
CVE-2023-44469
CVE-2023-44469 affects LemonLDAP::NG OpenID Connect Issuer (before 2.17.1). A Server-Side Request Forgery allows authenticated remote attackers to cause GET requests to arbitrary URLs via the request_uri parameter. Debian LTS advisory DLA-3612-1 confirms the vulnerability and fixes in LemonLDAP::...