CVE-2024-52946

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-52946

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52946.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52946

Related

UBUNTU-CVE-2024-52946

Published

2024-11-18T06:15:06Z

Modified

2025-07-05T10:52:17.951658Z

Downstream

DLA-3979-1

Summary

[none]

Details

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.

References

Affected packages

Debian:11 / lemonldap-ng

Package

Name: lemonldap-ng
Purl: pkg:deb/debian/lemonldap-ng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.11+ds-4+deb11u6

Affected versions

2.*

2.0.11+ds-4

2.0.11+ds-4+deb11u1

2.0.11+ds-4+deb11u2

2.0.11+ds-4+deb11u4

2.0.11+ds-4+deb11u5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lemonldap-ng

Package

Name: lemonldap-ng
Purl: pkg:deb/debian/lemonldap-ng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.1+ds-deb12u4

Affected versions

2.*

2.16.1+ds-2

2.16.1+ds-deb12u1

2.16.1+ds-deb12u2

2.16.1+ds-deb12u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lemonldap-ng

Package

Name: lemonldap-ng
Purl: pkg:deb/debian/lemonldap-ng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.20.1+ds-1

Affected versions

2.*

2.16.1+ds-2

2.16.1+ds-deb12u1

2.16.1+ds-deb12u2

2.16.1+ds-deb12u3

2.16.1+ds-deb12u4

2.16.1+ds-deb12u5

2.16.1+ds-deb12u6

2.16.2+ds-1

2.17.0+ds-1~bpo12+1

2.17.0+ds-1

2.17.0+ds2-1~bpo11+1

2.17.0+ds2-1

2.17.1+ds-1

2.17.2+ds-1

2.17.2+ds-2~bpo11+1

2.17.2+ds-2~bpo12+1

2.17.2+ds-2

2.18.1+ds-1~bpo10+1

2.18.1+ds-1~bpo11+1

2.18.1+ds-1~bpo12+1

2.18.1+ds-1

2.18.2+ds-1~bpo10+1

2.18.2+ds-1~bpo11+1

2.18.2+ds-1~bpo12+1

2.18.2+ds-1

2.19.0+ds-1

2.19.0+ds-2~bpo11+1

2.19.0+ds-2~bpo12+1

2.19.0+ds-2

2.19.1+ds-1

2.19.1+ds-2

2.19.1+ds-3~bpo12+1

2.19.1+ds-3

2.19.1+ds-4

2.19.2+ds-1~bpo11+1

2.19.2+ds-1~bpo12+1

2.19.2+ds-1

2.20.0+ds-1

2.20.0+ds-2~bpo12+1

2.20.0+ds-2

2.20.1+ds-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.ow2.org/lemonldap-ng/lemonldap-ng

Affected ranges

Type: GIT
Repo: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe2718cc2dd849966f690fb995d96f9ea391fa3f

Affected versions

Other

debian/bookworm

debian/bullseye

debian/buster

ubuntu/disco

ubuntu/eoan

ubuntu/focal

ubuntu/groovy

ubuntu/hirsute

ubuntu/jammy

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.15.1

v2.0.16

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.16.1

v2.16.2

v2.17.0

v2.17.1

v2.17.2

v2.18.0

v2.18.1

v2.19.0

v2.19.1

v2.20.0