cnvd - cnvd-2022-53544

CNVD-2022-53544

Vulnerability from cnvd - Published: 2022-07-26

Title

LDAP Account Manager注入漏洞（CNVD-2022-53544）

Description

LDAP Account Manager是一个Web前端，用于管理存储在LDAP目录中的条目（例如用户、组、DHCP设置）。 LDAP Account Manager (LAM) 8.0之前版本存在注入漏洞，该漏洞源于错误的访问控制，攻击者可利用该漏洞通过登录时的用户名字段可用于枚举LDAP数据。

Severity

中

Patch Name

LDAP Account Manager注入漏洞（CNVD-2022-53544）的补丁

Patch Description

LDAP Account Manager是一个Web前端，用于管理存储在LDAP目录中的条目（例如用户、组、DHCP设置）。 LDAP Account Manager (LAM) 8.0之前版本存在注入漏洞，该漏洞源于错误的访问控制，攻击者可利用该漏洞通过登录时的用户名字段可用于枚举LDAP数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4

Reference

https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4

Impacted products

Name
Ldap account manager Ldap account manager <8.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-31088",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-31088"
    }
  },
  "description": "LDAP Account Manager\u662f\u4e00\u4e2aWeb\u524d\u7aef\uff0c\u7528\u4e8e\u7ba1\u7406\u5b58\u50a8\u5728LDAP\u76ee\u5f55\u4e2d\u7684\u6761\u76ee\uff08\u4f8b\u5982\u7528\u6237\u3001\u7ec4\u3001DHCP\u8bbe\u7f6e\uff09\u3002\n\nLDAP Account Manager (LAM) 8.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u767b\u5f55\u65f6\u7684\u7528\u6237\u540d\u5b57\u6bb5\u53ef\u7528\u4e8e\u679a\u4e3eLDAP\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-53544",
  "openTime": "2022-07-26",
  "patchDescription": "LDAP Account Manager\u662f\u4e00\u4e2aWeb\u524d\u7aef\uff0c\u7528\u4e8e\u7ba1\u7406\u5b58\u50a8\u5728LDAP\u76ee\u5f55\u4e2d\u7684\u6761\u76ee\uff08\u4f8b\u5982\u7528\u6237\u3001\u7ec4\u3001DHCP\u8bbe\u7f6e\uff09\u3002\r\n\r\nLDAP Account Manager (LAM) 8.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u767b\u5f55\u65f6\u7684\u7528\u6237\u540d\u5b57\u6bb5\u53ef\u7528\u4e8e\u679a\u4e3eLDAP\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "LDAP Account Manager\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-53544\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Ldap account manager Ldap account manager \u003c8.0"
  },
  "referenceLink": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4",
  "serverity": "\u4e2d",
  "submitTime": "2022-06-30",
  "title": "LDAP Account Manager\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-53544\uff09"
}

CVE-2022-31088 (GCVE-0-2022-31088)

Vulnerability from cvelistv5 – Published: 2022-06-27 20:45 – Updated: 2025-04-23 18:07

Title

Unauthenticated LDAP Injection in ldap-account-manager

Summary

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/LDAPAccountManager/lam/securit…	x_refsource_CONFIRM
	https://github.com/LDAPAccountManager/lam/commit/…	x_refsource_MISC
	https://www.debian.org/security/2022/dsa-5177	vendor-advisoryx_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	LDAPAccountManager	lam	Affected: < 8.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4"
          },
          {
            "name": "DSA-5177",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5177"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:53:57.287703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:07:24.243Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lam",
          "vendor": "LDAPAccountManager",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-06T10:06:39.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4"
        },
        {
          "name": "DSA-5177",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5177"
        }
      ],
      "source": {
        "advisory": "GHSA-wxf8-9x99-6gp4",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated LDAP Injection in ldap-account-manager",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31088",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated LDAP Injection in ldap-account-manager"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "lam",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LDAPAccountManager"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4",
              "refsource": "CONFIRM",
              "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4"
            },
            {
              "name": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4",
              "refsource": "MISC",
              "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4"
            },
            {
              "name": "DSA-5177",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5177"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-wxf8-9x99-6gp4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31088",
    "datePublished": "2022-06-27T20:45:18.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:07:24.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-53544

CVE-2022-31088 (GCVE-0-2022-31088)

Tags

Sightings

Nomenclature