Server-Side Request Forgery in LemonLDAP::NG OpenID Connect Issuer (CVE-2020-10770)

CVE-2023-44469 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.

Learn more about our Cis Benchmark Audit For Server Software.