CVE-2023-38994

Sažetak

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.

Reference

https://forge.univention.org/bugzilla/show_bug.cgi?id=56324
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0
https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html
https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0
https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network

CVSS

Base:	7.9
Impact:	5.8
Exploitability:	1.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Zadnje važnije ažuriranje

15-04-2025 - 22:15

Objavljeno

31-10-2023 - 12:15