OpenCVE

In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lemonldap-ng	Lemonldap\

Configuration 1 [-]

cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15
https://lists.debian.org/debian-lts-announce/2023/01/msg00027.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-16T00:00:00

Updated: 2024-08-03T10:21:33.257Z

Reserved: 2022-08-01T00:00:00

Link: CVE-2022-37186

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-16T02:15:07.660

Modified: 2024-11-21T07:14:35.093

Link: CVE-2022-37186

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C10AD2F-A145-4CB1-B8D8-E3AFE3001DF5", "versionEndExcluding": "2.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically."}], "id": "CVE-2022-37186", "lastModified": "2024-11-21T07:14:35.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-16T02:15:07.660", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes"], "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00027.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}