CVE-2019-15941 Information
Feb 14, 2021
cve
Description
The OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, the LemonLDAP::NG configuration must contain an OIDC Relying Party (RP) whose access control rules are weaker than those of the target RP, and no filtering of redirection URIs (redirect_uri) must be configured. The issue is fixed in LemonLDAP::NG 2.0.6 (see References).
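The two preconditions in the description (a weaker RP and no redirect_uri filtering) combine into the bypass because the issuer evaluates the access rule of the RP named by client_id while delivering the authorization code to whatever redirect_uri the request names. The following is an added illustration written for this page, not LemonLDAP::NG's code: a minimal issuer with a constructed RP registry ("wiki" open to any authenticated user, "payroll" restricted to the finance group), the constructed endpoint https://auth.example.com/oauth2/authorize, and a flag that switches exact redirect_uri filtering on and off. With filtering off, a request that names the weak RP but redirects to the strict RP's callback is allowed; with exact matching against the registered URIs it is refused.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed RP registry for illustration; this is not LemonLDAP::NG
# configuration syntax. "wiki" is reachable by any authenticated user,
# "payroll" only by members of the finance group.
RP_REGISTRY = {
    "wiki": {
        "required_group": None,
        "redirect_uris": {"https://wiki.example.com/oidc/callback"},
    },
    "payroll": {
        "required_group": "finance",
        "redirect_uris": {"https://payroll.example.com/oidc/callback"},
    },
}


def parse_authz_request(url):
    """Extract client_id and redirect_uri from an OIDC authorization request URL."""
    params = parse_qs(urlsplit(url).query)
    return params["client_id"][0], params["redirect_uri"][0]


def authorize(url, user, filter_redirect_uris=True):
    """Decide whether the issuer would send an authorization code.

    Returns ("allow", redirect_uri) or ("deny", reason). With
    filter_redirect_uris=False the issuer behaves like the vulnerable
    precondition in the advisory: the access rule of the RP named by
    client_id is enforced, but the code is sent wherever redirect_uri says.
    """
    client_id, redirect_uri = parse_authz_request(url)
    rp = RP_REGISTRY.get(client_id)
    if rp is None:
        return ("deny", "unknown client_id")

    # Exact string comparison against the RP's registered URIs, as OAuth 2.0
    # requires; no prefix or wildcard matching.
    if filter_redirect_uris and redirect_uri not in rp["redirect_uris"]:
        return ("deny", "redirect_uri not registered for client_id %s" % client_id)

    # Per-RP access control rule, keyed by the client_id in the request.
    required = rp["required_group"]
    if required is not None and required not in user["groups"]:
        return ("deny", "access rule of %s denies user %s" % (client_id, user["uid"]))

    return ("allow", redirect_uri)


def build_request(client_id, redirect_uri):
    """Build an authorization request URL against a constructed issuer endpoint."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": "xyz",
    })
    return "https://auth.example.com/oauth2/authorize?" + query


# Constructed user who may use the wiki but is not in finance.
ALICE = {"uid": "alice", "groups": ["staff"]}

# Request that names the weak RP but points redirect_uri at the stricter RP.
CROSS_RP_REQUEST = build_request("wiki", "https://payroll.example.com/oidc/callback")

if __name__ == "__main__":
    print("no redirect_uri filtering:",
          authorize(CROSS_RP_REQUEST, ALICE, filter_redirect_uris=False))
    print("with redirect_uri filtering:", authorize(CROSS_RP_REQUEST, ALICE))
    print("direct request to payroll:",
          authorize(build_request("payroll",
                                  "https://payroll.example.com/oidc/callback"), ALICE))
```

The defensive point carries over to any OIDC provider: every RP must have its redirect URIs registered and the issuer must compare the requested redirect_uri to them by exact string match before evaluating any access rule. For LemonLDAP::NG deployments that means upgrading to a fixed release and declaring allowed redirection URIs for each RP rather than leaving the list empty.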
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1881
https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-6-is-out/
https://seclists.org/bugtraq/2019/Sep/46
https://www.debian.org/security/2019/dsa-4533
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL