CVE-2023-44469

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 29, 2023

Updated: Oct 8, 2023

CWE ID 918

Summary

CVE-2023-44469 is a Server-Side Request Forgery (SSRF) vulnerability affecting the OpenID Connect Issuer in LemonLDAP::NG prior to version 2.17.1. Authenticated remote attackers can exploit this issue by sending malicious GET requests to arbitrary URLs through the request_uri authorization parameter. This vulnerability allows attackers to potentially gain unauthorized access to internal resources or perform actions on behalf of the affected system, similar to the SSRF issue reported in CVE-2020-10770.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

LemonLDAP::NG

Affected Vendors

Lemonldap-ng

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s1CZWO
https://www.cve.org/CVERecord?id=CVE-2023-44469
https://nvd.nist.gov/vuln/detail/CVE-2023-44469

Back to Vulnerability Database