CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x up to 2.0.5 can bypass access control via a crafted OIDC authorization request when there is a weaker relaying party and no redirection URI filtering. Affected components: LemonLDAP::NG (OpenID Connect issuer) in 2.x up to 2.0.5. Root cause: misconfigure...