CVE-2019-1010283 - Vulnerability Details - OpenCVE

Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0027.

Key SSVC decision points have not yet been added.

Vendors	Products
Univention	Univention Corporate Server

Configuration 1 [-]

cpe:2.3:o:univention:univention_corporate_server:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-2019	Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://forge.univention.org/bugzilla/show_bug.cgi?id=48427
https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-17T20:04:58

Updated: 2024-08-05T03:07:18.517Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010283

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-17T21:15:11.013

Modified: 2024-11-21T04:18:07.260

Link: CVE-2019-1010283

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "univention-directory-notifier", "vendor": "Univention Corporate Server", "versions": [{"status": "affected", "version": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"}]}], "descriptions": [{"lang": "en", "value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-213", "description": "CWE-213: Intentional Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-17T20:04:58", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"tags": ["x_refsource_MISC"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010283", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "univention-directory-notifier", "version": {"version_data": [{"version_value": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"}]}}]}, "vendor_name": "Univention Corporate Server"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-213: Intentional Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34", "refsource": "MISC", "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"name": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427", "refsource": "MISC", "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.517Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010283", "datePublished": "2019-07-17T20:04:58", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.517Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:univention:univention_corporate_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3303CE7F-26C3-4317-9374-839FB391EB39", "versionEndIncluding": "12.0.1-3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."}, {"lang": "es", "value": "univention-directory-notifier versi\u00f3n 12.0.1-3 y anteriores de Univention Corporate Server, est\u00e1 afectada por: CWE-213: Exposici\u00f3n Intencional de Informaci\u00f3n. El impacto es: P\u00e9rdida de Confidencialidad. El componente es: funci\u00f3n data_on_connection() en el archivo src/callback.c. El vector de ataque es: conectividad de red. La versi\u00f3n corregida es: 12.0.1-4 y posteriores."}], "id": "CVE-2019-1010283", "lastModified": "2024-11-21T04:18:07.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-17T21:15:11.013", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-213"}], "source": "josh@bress.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}