Lucene search
+L

8 matches found

NVD
NVD
added 2020/09/14 1:15 p.m.17 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.8CVSS0.02342EPSS
Exploits1References4
CVE
CVE
added 2020/09/14 12:51 p.m.119 views

CVE-2020-24660

CVE-2020-24660 affects LemonLDAP::NG (up to 2.0.8) when used with NGINX, and the Lemonldap::NG handler for Node.js (before 0.5.2). The issue allows an attacker to bypass URL-based access control on protected Virtual Hosts by submitting a non-normalized URI. The vulnerability can impact systems th...

9.8CVSS9.1AI score0.02342EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2020/09/14 12:51 p.m.21 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.3AI score0.02342EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2020/09/09 6:45 p.m.5 views

node-lemonldap-ng-handler (=0.4.0) potentially affected by CVE-2020-24660 via lemonldap-ng-handler (=0.4.0)

lemonldap-ng-handler NPM version =0.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on lemonldap-ng-handler and may be impacted: - node-lemonldap-ng-handler =0.4.0 Source cves: CVE-2020-24660 Source advisory: OSV:GHSA-X44X-R84W-8V67...

9.8CVSS7.2AI score0.02342EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/09/08 12:0 a.m.19 views

Debian DLA-2367-1 : lemonldap-ng security update

lemonldap-ng community fixed a vulnerability in the Nginx default configuration files CVE-2020-24660. Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version. If you use lemonldap-ng handler with Nginx, you should...

9.8CVSS8.1AI score0.02342EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/09/08 12:0 a.m.21 views

Debian DSA-4762-1 : lemonldap-ng - security update

It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default. C Tenable Network Security, Inc. The descriptive text and...

9.8CVSS8.4AI score0.02342EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/09/08 12:0 a.m.11 views

Debian: Security Advisory (DLA-2367-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.02342EPSS
Exploits1References4
Debian
Debian
added 2020/09/07 7:11 p.m.46 views

[SECURITY] [DSA 4762-1] lemonldap-ng security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4762-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 07, 2020 https://www.debian.org/security/faq -...

9.8CVSS9.6AI score0.02342EPSS
Exploits1
Rows per page
Query Builder