Vulnerability Description
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lemonldap-Ng | Lemonldap\ | < 2.0.15, \ |
Related Weaknesses (CWE)
References
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf2Patch
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758ExploitIssue TrackingPatch
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15PatchRelease Notes
- https://lists.debian.org/debian-lts-announce/2023/01/msg00027.htmlMailing ListThird Party Advisory
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf2Patch
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758ExploitIssue TrackingPatch
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15PatchRelease Notes
- https://lists.debian.org/debian-lts-announce/2023/01/msg00027.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2022-37186?
CVE-2022-37186 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a s...
How severe is CVE-2022-37186?
CVE-2022-37186 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37186?
Check the references section above for vendor advisories and patch information. Affected products include: Lemonldap-Ng Lemonldap\.