Description
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP::NG configuration with weaker access control rules than the target RP, and no filtering on redirection URIs.
References (4)
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1881 (Third Party Advisory; x_refsource_misc)
- https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-6-is-out/ (Third Party Advisory; x_refsource_misc)
- https://www.debian.org/security/2019/dsa-4533 (Third Party Advisory, vendor advisory; x_refsource_debian)
- https://seclists.org/bugtraq/2019/Sep/46 (Mailing List, Third Party Advisory; x_refsource_bugtraq)
Scores
CVSS v3: 9.8
EPSS: 0.0220
EPSS Percentile: 80.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-863
Status: published
Products (2)
- debian/debian_linux 10.0
- lemonldap-ng/lemonldap 2.0.0 - 2.0.5
Published: Sep 25, 2019
Tracked Since: Feb 18, 2026