CVE-2023-38994
HIGHunivention_corporate_server 5.0-5 - Exposure of LDAP Credentials in Process List
Title source: llmDescription
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.
References (4)
Core 4
Core References
Issue Tracking, Vendor Advisory
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324
Issue Tracking, Vendor Advisory
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0
Exploit, Technical Description, Third Party Advisory
https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network
Scores
CVSS v3
7.9
EPSS
0.0035
EPSS Percentile
26.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-668
Status
published
Products (1)
univention/univention_corporate_server
5.0
Published
Oct 31, 2023
Tracked Since
Feb 18, 2026