ID: CVE-2024-48933 CVSS N/A A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that... #security#infosec#cve-alert

ID: CVE-2024-45160 CVSS N/A Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). #security#infosec#cve-alert

#LemonLDAPNG#LemonLDAP#LDAP#LightweightDirectoryAccessProtocol#WebSSO#SingleSignOn#SSO#OpenIDConnect#CAS#OAuth#OpenID#REST#SAML#SOAPlemonldap-ng.org

LemonLDAP::NG - Web Single Sign On and Access Management Free Software

LemonLDAP::NG is a free software to provide WebSSO, Access Management and Identity Federation

#LemonLDAPNG#LemonLDAP#LDAP#LightweightDirectoryAccessProtocol#WebSSO#SingleSignOn#SSO#OpenIDConnect#CAS#OAuth#OpenID#REST#SAML#SOAPlemonldap-ng.org

LemonLDAP::NG - Web Single Sign On and Access Management Free Software

LemonLDAP::NG is a free software to provide WebSSO, Access Management and Identity Federation

CVE-2023-44469 - A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.