Описание
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| lemonldap-ng | fixed | 2.20.1+ds-1 | package | |
| lemonldap-ng | fixed | 2.16.1+ds-deb12u4 | bookworm | package |
Примечания
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255
Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/63a045e4a4ad579559cfe04e644b0cefe2f1137b (v2.20.1)
Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/065b71ba4e97d7f8dbfe61900e9d4d587109f11b (v2.20.1)
Связанные уязвимости
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.