CVE-2023-38994

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-668
View all →

Vulnerability Description

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.

Related Vulnerabilities

CVE-2014-0023

HIGH
CVSS:7.8(High)

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

CWE-6682014

CVE-2017-8185

HIGH
CVSS:7.8(High)

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing ...

CWE-6682017

CVE-2018-10361

HIGH
CVSS:7.8(High)

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow...

CWE-6682018

CVE-2018-15591

HIGH
CVSS:7.8(High)

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by lev...

CWE-6682018

CVE-2019-15341

HIGH
CVSS:7.8(High)

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com...

CWE-6682019

CVE-2019-15345

HIGH
CVSS:7.8(High)

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovel...

CWE-6682019