5 matches found
CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...
Authentication Bypass
github.com/minio/minio is vulnerable to Authentication bypass. The vulnerability is due to improper enforcement of SSH key validation when using LDAP as an external identity provider, allowing unauthorized access if the sshPublicKey attribute is missing...
CVE-2025-27414
A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...
PT-2025-9136 · Minio · Minio
Name of the Vulnerable Software and Affected Versions: MinIO versions RELEASE.2024-06-06T09-36-42Z through RELEASE.2025-02-28T09-55-16Z Description: A bug in MinIO's evaluation of the trust of the SSH key used in an SFTP connection allows authentication bypass and unauthorized data access. This...
PT-2022-3916 · Unknown · Pinniped Supervisor
Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor affected versions not specified Description: An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. The issue allows an attack where a malicious us...