PT-2024-35496 · Unknown · Lemonldap::Ng

Published: 2024-11-17 · Updated: 2024-12-02 · CVE-2024-52946

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1
Description: An authenticated user can raise their own authentication level if the administrator configured an "Adaptative authentication rule" with an increment instead of an absolute value. The raised authentication level can give the user unauthorized access or rights.
Recommendations: For versions prior to 2.20.1, update to version 2.20.1 or later to resolve the issue. As a temporary workaround, consider reviewing and adjusting the configuration of "Adaptative authentication rules" to use absolute values instead of increments.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2024-52946
DLA-3979-1

Affected Products

Lemonldap::Ng