CVE-2024-52946 — Incorrect Default Permissions in Lemonldap-ng

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 63.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Lemonldap-ng

Timeline

PublishedNov 18

Description

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶debiandebian/lemonldap-ng< lemonldap-ng 2.16.1+ds-deb12u4 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-3r2v-8348-hx3r: An issue was discovered in LemonLDAP::NG before 2↗2024-11-18

▶

OSV

CVE-2024-52946: An issue was discovered in LemonLDAP::NG before 2↗2024-11-18

▶

📋Vendor Advisories

Debian

CVE-2024-52946: lemonldap-ng - An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during...↗2024

▶