CVE-2024-52946

CVSS 8.8 HIGHEPSS 0.5%CWE-276

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255 https://lists.debian.org/debian-lts-announce/2024/11/msg00037.html