Vulnerabilites related to univention - univention_corporate_server
Vulnerability from fkie_nvd
Published
2023-10-31 12:15
Modified
2025-04-15 22:15
Severity ?
7.9 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| univention | univention_corporate_server | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:univention:univention_corporate_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87FB6001-5827-44DC-88F1-EB4FE5E3BD34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \u0027check_univention_joinstatus\u0027 prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users."
},
{
"lang": "es",
"value": "Un problema en Univention UCS v.5.0 permite a un atacante local ejecutar c\u00f3digo arbitrario y obtener privilegios a trav\u00e9s de la funci\u00f3n check_univention_joinstatus."
}
],
"id": "CVE-2023-38994",
"lastModified": "2025-04-15T22:15:15.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-31T12:15:08.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0"
},
{
"source": "cve@mitre.org",
"url": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-17 21:15
Modified
2024-11-21 04:18
Severity ?
Summary
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| josh@bress.net | https://forge.univention.org/bugzilla/show_bug.cgi?id=48427 | Exploit, Issue Tracking, Vendor Advisory | |
| josh@bress.net | https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forge.univention.org/bugzilla/show_bug.cgi?id=48427 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| univention | univention_corporate_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:univention:univention_corporate_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3303CE7F-26C3-4317-9374-839FB391EB39",
"versionEndIncluding": "12.0.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."
},
{
"lang": "es",
"value": "univention-directory-notifier versi\u00f3n 12.0.1-3 y anteriores de Univention Corporate Server, est\u00e1 afectada por: CWE-213: Exposici\u00f3n Intencional de Informaci\u00f3n. El impacto es: P\u00e9rdida de Confidencialidad. El componente es: funci\u00f3n data_on_connection() en el archivo src/callback.c. El vector de ataque es: conectividad de red. La versi\u00f3n corregida es: 12.0.1-4 y posteriores."
}
],
"id": "CVE-2019-1010283",
"lastModified": "2024-11-21T04:18:07.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-17T21:15:11.013",
"references": [
{
"source": "josh@bress.net",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"
},
{
"source": "josh@bress.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"
}
],
"sourceIdentifier": "josh@bress.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-213"
}
],
"source": "josh@bress.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-38994 (GCVE-0-2023-38994)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2025-04-15 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network"
},
{
"tags": [
"x_transferred"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u0027check_univention_joinstatus\u0027 prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T22:09:15.651Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324"
},
{
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network"
},
{
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0"
},
{
"url": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38994",
"datePublished": "2023-10-31T00:00:00.000Z",
"dateReserved": "2023-07-25T00:00:00.000Z",
"dateUpdated": "2025-04-15T22:09:15.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010283 (GCVE-0-2019-1010283)
Vulnerability from cvelistv5
Published
2019-07-17 20:04
Modified
2024-08-05 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-213 - Intentional Information Exposure
Summary
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Univention Corporate Server | univention-directory-notifier |
Version: 12.0.1-3 and earlier [fixed: 12.0.1-4 and later] |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "univention-directory-notifier",
"vendor": "Univention Corporate Server",
"versions": [
{
"status": "affected",
"version": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213: Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T20:04:58",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "univention-directory-notifier",
"version": {
"version_data": [
{
"version_value": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"
}
]
}
}
]
},
"vendor_name": "Univention Corporate Server"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213: Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34",
"refsource": "MISC",
"url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"
},
{
"name": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427",
"refsource": "MISC",
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010283",
"datePublished": "2019-07-17T20:04:58",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-05T03:07:18.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}