7.9

CVE-2023-38994

Exploit

EPSS 0.04%
Veröffentlicht 31.10.2023 12:15:08
Zuletzt bearbeitet 15.04.2025 22:15:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Univention ≫ Univention Corporate Server Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.095

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org	7.9	1.5	5.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://forge.univention.org/bugzilla/show_bug.cgi?id=56324

Vendor Advisory

Issue Tracking

https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0

Vendor Advisory

Issue Tracking

https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network

Third Party Advisory

Exploit

Technical Description

https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html

https://nvd.nist.gov/vuln/detail/CVE-2023-38994

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38994

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38994

EUVD