A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-09-29T00:00:00
Updated: 2024-08-02T20:07:33.450Z
Reserved: 2023-09-29T00:00:00
Link: CVE-2023-44469
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-29T07:15:14.073
Modified: 2023-10-08T19:15:54.367
Link: CVE-2023-44469
Redhat
No data.