Access Control Vulnerability in LemonLDAP::NG 2.0.3
CVE-2019-12046

9.8CRITICAL

Key Information:

Vendor

Lemonldap-ng

Status
Lemonldap\
Vendor
CVE Published:
22 May 2019

What is CVE-2019-12046?

LemonLDAP::NG version 2.0.3 is susceptible to an access control vulnerability that permits unauthorized access to sensitive areas of the application, potentially compromising user sessions and data integrity. Attackers can exploit this flaw to bypass intended security measures, leading to unauthorized data access which can jeopardize the overall security of the system. Users are encouraged to upgrade to the latest versions to mitigate this risk.

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commits/...
x_refsource_MISC
https://lemonldap-ng.org/download
x_refsource_MISC
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.