4 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-15941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request...
[SECURITY] [DSA 4533-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4533-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 25, 2019 https://www.debian.org/security/faq -...
CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the...
CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x up to 2.0.5 can bypass access control via a crafted OIDC authorization request when there is a weaker relaying party and no redirection URI filtering. Affected components: LemonLDAP::NG (OpenID Connect issuer) in 2.x up to 2.0.5. Root cause: misconfigure...