CVE-2024-52946

Published: Nov 18, 2024Modified: Nov 3, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/11/msg00037.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.