CVE-2019-1010283 - OpenCVE

Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Univention	Univention Corporate Server

Configuration 1 [-]

cpe:2.3:o:univention:univention_corporate_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://forge.univention.org/bugzilla/show_bug.cgi?id=48427
https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-17T20:04:58

Updated: 2024-08-05T03:07:18.517Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010283

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-17T21:15:11.013

Modified: 2023-09-21T18:27:26.013

Link: CVE-2019-1010283

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "univention-directory-notifier", "vendor": "Univention Corporate Server", "versions": [{"status": "affected", "version": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"}]}], "descriptions": [{"lang": "en", "value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-213", "description": "CWE-213: Intentional Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-17T20:04:58", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"tags": ["x_refsource_MISC"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010283", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "univention-directory-notifier", "version": {"version_data": [{"version_value": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"}]}}]}, "vendor_name": "Univention Corporate Server"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-213: Intentional Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34", "refsource": "MISC", "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"name": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427", "refsource": "MISC", "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.517Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010283", "datePublished": "2019-07-17T20:04:58", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.517Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:univention:univention_corporate_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3303CE7F-26C3-4317-9374-839FB391EB39", "versionEndIncluding": "12.0.1-3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."}, {"lang": "es", "value": "univention-directory-notifier versi\u00f3n 12.0.1-3 y anteriores de Univention Corporate Server, est\u00e1 afectada por: CWE-213: Exposici\u00f3n Intencional de Informaci\u00f3n. El impacto es: P\u00e9rdida de Confidencialidad. El componente es: funci\u00f3n data_on_connection() en el archivo src/callback.c. El vector de ataque es: conectividad de red. La versi\u00f3n corregida es: 12.0.1-4 y posteriores."}], "id": "CVE-2019-1010283", "lastModified": "2023-09-21T18:27:26.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-17T21:15:11.013", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-213"}], "source": "josh@bress.net", "type": "Secondary"}]}