Lemonldap-ng Lemonldap::ng — known CVE vulnerabilities
Every CVE whose affected-product data names Lemonldap-ng Lemonldap::ng, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2021-40874 — CVSS 9.8 (critical): An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation…
CVE-2023-28862 — CVSS 9.8 (critical): An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling…
CVE-2019-15941 — CVSS 9.8 (critical): OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect…
CVE-2019-19791 — CVSS 9.8 (critical): In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to…
CVE-2020-24660 — CVSS 9.8 (critical): An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected…
CVE-2021-35472 — CVSS 8.8 (high): An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a…
CVE-2012-6426 — CVSS 7.5 (high): LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass…
CVE-2020-16093 — CVSS 7.5 (high): In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote…
CVE-2024-48933 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML…
CVE-2022-37186 — CVSS 5.9 (medium): In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity…
CVE-2023-44469 — CVSS 4.3 (medium): A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to…