Vulnerability Description
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Univention | Univention Corporate Server | 5.0 |
Related Weaknesses (CWE)
References
- https://forge.univention.org/bugzilla/show_bug.cgi?id=56324Issue TrackingVendor Advisory
- https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0Issue TrackingVendor Advisory
- https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_o
- https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-ExploitTechnical DescriptionThird Party Advisory
- https://forge.univention.org/bugzilla/show_bug.cgi?id=56324Issue TrackingVendor Advisory
- https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0Issue TrackingVendor Advisory
- https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-ExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2023-38994?
CVE-2023-38994 is a vulnerability with a CVSS score of 7.9 (HIGH). The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with ...
How severe is CVE-2023-38994?
CVE-2023-38994 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38994?
Check the references section above for vendor advisories and patch information. Affected products include: Univention Univention Corporate Server.