CVE-2021-35473 – LemonLDAP::NG OAuth2.0 Access Token Validation Vulnerability

CVE ID : CVE-2021-35473

Published : Nov. 10, 2024, 11:15 p.m. | 1 hour, 1 minute ago

Description : An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2021-35473 – LemonLDAP::NG OAuth2.0 Access Token Validation Vulnerability