{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23333", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-15T15:19:19.442Z", "datePublished": "2024-03-18T21:07:09.513Z", "dateUpdated": "2024-08-21T15:04:56.308Z"}, "containers": {"cna": {"title": "LAM vulnerable to Authenticated Remote Code Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}, {"name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}], "affected": [{"vendor": "LDAPAccountManager", "product": "lam", "versions": [{"version": "< 8.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:07:09.513Z"}, "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n"}], "source": {"advisory": "GHSA-fm9w-7m7v-wxqv", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.212Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}, {"name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T15:04:47.680234Z", "id": "CVE-2024-23333", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:04:56.308Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.212Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23333", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T15:04:47.680234Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:04:52.986Z"}}], "cna": {"title": "LAM vulnerable to Authenticated Remote Code Execution", "source": {"advisory": "GHSA-fm9w-7m7v-wxqv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LDAPAccountManager", "product": "lam", "versions": [{"status": "affected", "version": "< 8.7"}]}], "references": [{"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:07:09.513Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23333", "state": "PUBLISHED", "dateUpdated": "2024-08-21T15:04:56.308Z", "dateReserved": "2024-01-15T15:19:19.442Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-18T21:07:09.513Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n"}, {"lang": "es", "value": "LDAP Account Manager (LAM) es una interfaz web para administrar entradas almacenadas en un directorio LDAP. La configuraci\u00f3n de registro de LAM permite especificar rutas arbitrarias para archivos de registro. Antes de la versi\u00f3n 8.7, un atacante pod\u00eda aprovechar esto creando un archivo PHP y hacer que LAM registrara alg\u00fan c\u00f3digo PHP en este archivo. Cuando se accede al archivo a trav\u00e9s de la web, se ejecutar\u00e1 el c\u00f3digo. El problema se mitiga con lo siguiente: un atacante necesita conocer la contrase\u00f1a de configuraci\u00f3n maestra de LAM para poder cambiar la configuraci\u00f3n principal; y el servidor web necesita acceso de escritura a un directorio al que se pueda acceder a trav\u00e9s de la web. La propia LAM no proporciona dichos directorios. El problema se solucion\u00f3 en 8.7. Como workaround, limite el acceso a las p\u00e1ginas de configuraci\u00f3n de LAM a usuarios autorizados."}], "id": "CVE-2024-23333", "lastModified": "2024-03-19T13:26:46.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-18T21:15:06.473", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}, {"source": "security-advisories@github.com", "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}