CVE-2020-16093
Summary
| CVE | CVE-2020-16093 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-07-18 00:15:00 UTC |
|---|
| Updated | 2023-02-28 18:29:00 UTC |
|---|
| Description | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3287-1] lemonldap-ng security update |
MLIST |
lists.debian.org |
|
| [CVE-2020-16093] Peer certificate not checked when using LDAPS (#2250) · Issues · LemonLDAP NG / lemonldap-ng · GitLab |
MISC |
gitlab.ow2.org |
|
| download [LemonLDAP::NG] |
MISC |
lemonldap-ng.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180710 Debian Security Update for lemonldap-ng (CVE-2020-16093)
- 181509 Debian Security Update for libapache-session-ldap-perl (DLA 3284-1)
- 181510 Debian Security Update for libapache-session-browseable-perl (DLA 3285-1)
- 181511 Debian Security Update for lemonldap-ng (DLA 3287-1)
