vulnerability

Debian: CVE-2024-52946: lemonldap-ng -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Nov 18, 2024	Dec 9, 2024	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Nov 18, 2024

Added

Dec 9, 2024

Modified

Mar 30, 2026

Description

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.

Solution

debian-upgrade-lemonldap-ng

References

CVE-2024-52946
https://attackerkb.com/topics/CVE-2024-52946
CWE-276
DEBIAN-DLA-3979-1
EUVD-EUVD-2024-45980
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-45980

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today