8 matches found
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
CVE-2020-24660
CVE-2020-24660 affects LemonLDAP::NG (up to 2.0.8) when used with NGINX, and the Lemonldap::NG handler for Node.js (before 0.5.2). The issue allows an attacker to bypass URL-based access control on protected Virtual Hosts by submitting a non-normalized URI. The vulnerability can impact systems th...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
node-lemonldap-ng-handler (=0.4.0) potentially affected by CVE-2020-24660 via lemonldap-ng-handler (=0.4.0)
lemonldap-ng-handler NPM version =0.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on lemonldap-ng-handler and may be impacted: - node-lemonldap-ng-handler =0.4.0 Source cves: CVE-2020-24660 Source advisory: OSV:GHSA-X44X-R84W-8V67...
Debian DLA-2367-1 : lemonldap-ng security update
lemonldap-ng community fixed a vulnerability in the Nginx default configuration files CVE-2020-24660. Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version. If you use lemonldap-ng handler with Nginx, you should...
Debian DSA-4762-1 : lemonldap-ng - security update
It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default. C Tenable Network Security, Inc. The descriptive text and...
Debian: Security Advisory (DLA-2367-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4762-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4762-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 07, 2020 https://www.debian.org/security/faq -...