PT-2019-13089 · Lemonldap · Lemonldap::Ng

Clément Oudot

Published

2019-06-28

Updated

2019-08-26

CVE-2019-13031

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LemonLDAP::NG versions prior to 1.9.20

Description The issue is related to an XML External Entity (XXE) problem that occurs when submitting a notification to the notification server. It's worth noting that the notification server is not enabled by default and has a "deny all" rule, which may limit the exposure to this issue.

Recommendations For versions prior to 1.9.20, update to version 1.9.20 or later to resolve the issue.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2019-13031

DLA-1844-1

Affected Products

Lemonldap::Ng

PT-2019-13089 · Lemonldap · Lemonldap::Ng

CVE-2019-13031

Weakness Enumeration

Related Identifiers

Affected Products

References · 15