CVE-2019-15941 - OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access cont

CVE-2019-15941

Summary

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs.

References

Vulnerable Configurations

cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::2.0.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-08-2020 - 15:05)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20190926 [SECURITY] [DSA 4533-1] lemonldap-ng security update
debian	DSA-4533
misc	https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1881 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-6-is-out/

Last major update

18-08-2020 - 15:05

Published

25-09-2019 - 20:15

Last modified

18-08-2020 - 15:05