|Category:||Debian Local Security Checks|
|Title:||Debian: Security Advisory for lemonldap-ng (DSA-4762-1)|
|Summary:||The remote host is missing an update for the 'lemonldap-ng'; package(s) announced via the DSA-4762-1 advisory.|
The remote host is missing an update for the 'lemonldap-ng'
package(s) announced via the DSA-4762-1 advisory.
It was discovered that the default configuration files for running the
Lemonldap::NG Web SSO system on the Nginx web server were susceptible
to authorisation bypass of URL access rules. The Debian packages do not
use Nginx by default.
'lemonldap-ng' package(s) on Debian Linux.
For the stable distribution (buster), this problem has been fixed in
version 2.0.2+ds-7+deb10u5, this update provides fixed example
configuration which needs to be integrated into Lemonldap::NG
deployments based on Nginx.
We recommend that you upgrade your lemonldap-ng packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-24660|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.