Description
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
References (8)
Core 8
Core References
Third Party Advisory x_refsource_misc
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commits/master
Product, Vendor Advisory x_refsource_misc
https://lemonldap-ng.org/download
Exploit, Third Party Advisory x_refsource_misc
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/bugtraq/2019/May/38
Third Party Advisory x_refsource_misc
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1743
Third Party Advisory x_refsource_misc
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1744
Release Notes, Third Party Advisory x_refsource_confirm
https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-1-9-19-is-out/
Release Notes, Third Party Advisory x_refsource_confirm
https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-4-is-out/
Scores
CVSS v3
9.8
EPSS
0.0280
EPSS Percentile
84.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (2)
debian/debian_linux
9.0
lemonldap-ng/lemonldap\
\ ng
Published
May 22, 2019
Tracked Since
Feb 18, 2026