ByteOS Network

NVD Vulnerability Details :

CVE-2019-11066

Analyzed

Source-cve@mitre.org

Published At-10 May, 2019 | 20:29

Updated At-13 May, 2019 | 16:48

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

lightopenid_project>>lightopenid>>Versions up to 1.3.1(inclusive)

CWE ID	Type	Source
CWE-918	Primary	nvd@nist.gov

Hyperlink	Source	Resource
https://marc.info/?l=openid-security&m=155477050605610&w=2	cve@mitre.org	Third Party Advisory