CVE-2024-52946
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-52946
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52946.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-52946
- Downstream
- Published
- 2024-11-18T06:15:06Z
- Modified
- 2025-10-22T04:49:27.782379Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
- References
Affected packages
Git / gitlab.ow2.org/lemonldap-ng/lemonldap-ng
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
debian/bookworm
debian/bullseye
debian/buster
ubuntu/disco
ubuntu/eoan
ubuntu/focal
ubuntu/groovy
ubuntu/hirsute
ubuntu/jammy
v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.15.1
v2.0.16
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.16.1
v2.16.2
v2.17.0
v2.17.1
v2.17.2
v2.18.0
v2.18.1
v2.19.0
v2.19.1
v2.20.0