CVE-2019-12046

CRITICAL

LemonLDAP::NG -2.0.3 - Info Disclosure

Title source: llm

Description

LemonLDAP::NG -2.0.3 has Incorrect Access Control.

References (8)

[Third Party Advisory] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commits/master

[Exploit, Third Party Advisory] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742

[Third Party Advisory] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1743

[Third Party Advisory] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1744

[Product, Vendor Advisory] https://lemonldap-ng.org/download

[Release Notes, Third Party Advisory] https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-1-9-19-is-out/

[Release Notes, Third Party Advisory] https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-4-is-out/

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/May/38

Scores

CVSS v3 9.8

EPSS 0.0091

EPSS Percentile 75.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

lemonldap-ng/lemonldap\

debian/debian_linux

Timeline

Published May 22, 2019

Tracked Since Feb 18, 2026