CVE-2022-24851

Exploit

EPSS 0.94%
Published 15.04.2022 19:15:12
Last modified 21.11.2024 06:51:14
Source security-advisories@github.com
Teams watchlist Login
Open Login

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1.

Affected products Warnungen 0 Metrics 4 CWE 2 References 7

Data is provided by the National Vulnerability Database (NVD)

Ldap-account-manager ≫ Ldap Account Manager Version < 7.9.1

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.94%	0.754

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
security-advisories@github.com	8.1	1.7	5.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49

Patch

Third Party Advisory

https://github.com/LDAPAccountManager/lam/issues/170

Patch

Third Party Advisory

Exploit

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v

Patch

Third Party Advisory

https://www.debian.org/security/2022/dsa-5177

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-24851

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24851

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24851

EUVD