CVE-2022-37186

CVSS V2 None CVSS V3 None

Description

In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.

Overview

CVE ID
CVE-2022-37186

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2023-04-16T02:15:07

Last Modified Date
2023-04-26T16:30:17

Weakness Enumerations

CWE	URL
CWE-613	http://cwe.mitre.org/data/definitions/613.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng::::::::	1	OR		2.0.15

References

Reference URL	Reference Tags
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15
https://lists.debian.org/debian-lts-announce/2023/01/msg00027.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-37186
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37186

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 04:48:23				Added to TrackCVE
2023-04-17 14:01:40		2023-04-17T13:12:43	CVE Modified Date	updated
2023-04-17 14:01:40	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-20 15:01:15	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-04-26 17:01:06		2023-04-26T16:30:17	CVE Modified Date	updated
2023-04-26 17:01:06	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-04-26 17:01:08			Weakness Enumeration	new
2023-04-26 17:01:11			CPE Information	updated