CVE-2022-37186
First published: Sun Apr 16 2023(Updated: )
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LemonLDAP::NG | <2.0.15 | |
| <2.0.15 |
Remedy
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-37186?
The severity of CVE-2022-37186 is rated as medium with a CVSS score of 5.9.
How can I mitigate CVE-2022-37186?
To mitigate CVE-2022-37186, users are recommended to update LemonLDAP::NG to version 2.0.15 or later.
What can happen if LemonLDAP::NG sessions are not deleted according to the timeoutActivity setting?
If sessions are not deleted as intended, it can result in sessions not being cleared automatically leading to potential security risks and data exposure.
Is CVE-2022-37186 related to manual session removal in LemonLDAP::NG?
CVE-2022-37186 in LemonLDAP::NG is related to situations where manual removal of a session before it should be automatically deleted can cause sessions to not be cleared as expected.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/lemonldap-ng
- canonical/lemonldap::ng