Vulnerabilities > CVE-2023-38994 - Exposure of Resource to Wrong Sphere vulnerability in Univention Corporate Server 5.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

univention

CWE-668

NVD

Published: 2023-10-31

Updated: 2024-01-31

Summary

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.

Vulnerable Configurations

Part	Description	Count
OS	Univention Univention Univention Corporate Server 5.0	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0
https://forge.univention.org/bugzilla/show_bug.cgi?id=56324