Insufficiently Protected Credentials Affecting lemonldap-ng package, versions <2.0.2+ds-7+deb10u1
Threat Intelligence
EPSS
3.08% (92nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-LEMONLDAPNG-346028
- published 14 May 2019
- disclosed 22 May 2019
Introduced: 14 May 2019
CVE-2019-12046 Open this link in a new tabHow to fix?
Upgrade Debian:unstable lemonldap-ng to version 2.0.2+ds-7+deb10u1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream lemonldap-ng package and not the lemonldap-ng package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
References
- https://security-tracker.debian.org/tracker/CVE-2019-12046
- https://seclists.org/bugtraq/2019/May/38
- https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-1-9-19-is-out/
- https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-4-is-out/
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commits/master
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1743
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1744
- https://lemonldap-ng.org/download