CVE-2024-45160

CRITICAL 9.1

CVSS Score

9.1

EPSS Score

0.0%

EPSS Percentile

0th

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).

Vendor	n/a
Product	n/a
Published	Oct 9, 2024
Last Updated	Oct 9, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new critical vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gitlab.ow2.org: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags gitlab.ow2.org: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223 gitlab.ow2.org: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2 gitlab.ow2.org: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7 gitlab.ow2.org: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d