| Summary | An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4. |
|---|---|
| Publication Date | Nov. 11, 2024, 8:15 a.m. |
| Registration Date | Nov. 11, 2024, noon |
| Last Update | Nov. 20, 2024, 5:35 a.m. |