CVE-2021-35472
Summary
| CVE | CVE-2021-35472 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-07-30 14:15:00 UTC |
|---|
| Updated | 2021-08-11 15:31:00 UTC |
|---|
| Description | An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Tags · LemonLDAP NG / lemonldap-ng · GitLab |
MISC |
gitlab.ow2.org |
|
| Upgrade notes for 2.0.12 (8d3b763b) · Commits · LemonLDAP NG / lemonldap-ng · GitLab |
CONFIRM |
gitlab.ow2.org |
|
| [security:high, CVE-2021-35472] session cache corruption can lead to authorization bypass or spoofing (#2539) · Issues · LemonLDAP NG / lemonldap-ng · GitLab |
MISC |
gitlab.ow2.org |
|
| Debian -- Security Information -- DSA-4943-1 lemonldap-ng |
DEBIAN |
www.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178720 Debian Security Update for lemonldap-ng (DSA 4943-1)
- 179865 Debian Security Update for lemonldap-ng (CVE-2021-35472)
