UBUNTU-CVE-2024-52946
- Source
- https://ubuntu.com/security/CVE-2024-52946
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-52946.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-52946
- Upstream
- Published
- 2024-11-18T06:15:00Z
- Modified
- 2025-10-24T05:14:30Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
- References
Affected packages
Ubuntu:16.04:LTS / lemonldap-ng
Package
- Name
- lemonldap-ng
- Purl
- pkg:deb/ubuntu/lemonldap-ng@1.4.6-3?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "lemonldap-ng",
"binary_version": "1.4.6-3"
},
{
"binary_name": "liblemonldap-ng-common-perl",
"binary_version": "1.4.6-3"
},
{
"binary_name": "liblemonldap-ng-conf-perl",
"binary_version": "1.4.6-3"
},
{
"binary_name": "liblemonldap-ng-handler-perl",
"binary_version": "1.4.6-3"
},
{
"binary_name": "liblemonldap-ng-manager-perl",
"binary_version": "1.4.6-3"
},
{
"binary_name": "liblemonldap-ng-portal-perl",
"binary_version": "1.4.6-3"
}
]
}
Ubuntu:18.04:LTS / lemonldap-ng
Package
- Name
- lemonldap-ng
- Purl
- pkg:deb/ubuntu/lemonldap-ng@1.9.16-2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "lemonldap-ng",
"binary_version": "1.9.16-2"
},
{
"binary_name": "lemonldap-ng-fastcgi-server",
"binary_version": "1.9.16-2"
},
{
"binary_name": "lemonldap-ng-handler",
"binary_version": "1.9.16-2"
},
{
"binary_name": "liblemonldap-ng-common-perl",
"binary_version": "1.9.16-2"
},
{
"binary_name": "liblemonldap-ng-handler-perl",
"binary_version": "1.9.16-2"
},
{
"binary_name": "liblemonldap-ng-manager-perl",
"binary_version": "1.9.16-2"
},
{
"binary_name": "liblemonldap-ng-portal-perl",
"binary_version": "1.9.16-2"
}
]
}
Ubuntu:20.04:LTS / lemonldap-ng
Package
- Name
- lemonldap-ng
- Purl
- pkg:deb/ubuntu/lemonldap-ng@2.0.7+ds-2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "lemonldap-ng",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "lemonldap-ng-fastcgi-server",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "lemonldap-ng-handler",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "lemonldap-ng-uwsgi-app",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "liblemonldap-ng-common-perl",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "liblemonldap-ng-handler-perl",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "liblemonldap-ng-manager-perl",
"binary_version": "2.0.7+ds-2"
},
{
"binary_name": "liblemonldap-ng-portal-perl",
"binary_version": "2.0.7+ds-2"
}
]
}
Ubuntu:22.04:LTS / lemonldap-ng
Package
- Name
- lemonldap-ng
- Purl
- pkg:deb/ubuntu/lemonldap-ng@2.0.13+ds-3ubuntu1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "lemonldap-ng",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "lemonldap-ng-fastcgi-server",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "lemonldap-ng-handler",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "lemonldap-ng-uwsgi-app",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "liblemonldap-ng-common-perl",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "liblemonldap-ng-handler-perl",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "liblemonldap-ng-manager-perl",
"binary_version": "2.0.13+ds-3ubuntu1"
},
{
"binary_name": "liblemonldap-ng-portal-perl",
"binary_version": "2.0.13+ds-3ubuntu1"
}
]
}
Ubuntu:24.04:LTS / lemonldap-ng
Package
- Name
- lemonldap-ng
- Purl
- pkg:deb/ubuntu/lemonldap-ng@2.18.2+ds-1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "lemonldap-ng",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "lemonldap-ng-fastcgi-server",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "lemonldap-ng-handler",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "lemonldap-ng-uwsgi-app",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "liblemonldap-ng-common-perl",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "liblemonldap-ng-handler-perl",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "liblemonldap-ng-manager-perl",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "liblemonldap-ng-portal-perl",
"binary_version": "2.18.2+ds-1"
},
{
"binary_name": "liblemonldap-ng-ssoaas-apache-client-perl",
"binary_version": "2.18.2+ds-1"
}
]
}