In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37186.json",
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "2.0.15"
}
],
"source": "DESCRIPTION"
}
]
}