CVE-2024-52946: 
Linux Debian vulnerability analysis and mitigation

An issue was discovered in LemonLDAP::NG before version 2.20.1, identified as CVE-2024-52946. The vulnerability involves an Improper Check during session refresh that allows an authenticated user to raise their authentication level if the administrator has configured an 'Adaptative authentication rule' with an increment instead of an absolute value (NVD).

The vulnerability stems from an improper check in the session refresh mechanism. When an authenticated user clicks on 'Refresh my rights', the adaptive authentication rule is triggered again, causing the authentication level to increase multiple times. This occurs specifically when administrators configure adaptive authentication rules using increment values (e.g., '+2') rather than absolute values. The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability allows authenticated users to escalate their authentication level beyond intended limits. This elevated authentication level could potentially grant access to applications and resources that should be restricted, effectively bypassing the intended access control mechanisms (GitLab Issue).

The vulnerability has been fixed in LemonLDAP::NG version 2.20.1. Organizations should upgrade to this version or later to address the security issue. For systems that cannot be immediately upgraded, administrators should review and modify any adaptive authentication rules that use increment values (NVD).