CVE-2026-44305
- EPSS 0.09%
- Published 12.05.2026 21:28:06
- Last modified 13.05.2026 17:24:36
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the...
CVE-2026-44304
- EPSS 0.18%
- Published 12.05.2026 21:27:28
- Last modified 14.05.2026 13:16:19
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP fi...
CVE-2023-30797
- EPSS 0.78%
- Published 19.04.2023 20:15:12
- Last modified 21.11.2025 17:15:47
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
CVE-2015-7764
- EPSS 1.51%
- Published 09.08.2017 16:29:00
- Last modified 13.05.2026 00:24:29
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.