cnvd - cnvd-2022-53547

CNVD-2022-53547

Vulnerability from cnvd - Published: 2022-07-26

Title

LDAP Account Manager跨站脚本漏洞（CNVD-2022-53547）

Description

LDAP Account Manager是一个Web前端，用于管理存储在LDAP目录中的条目（例如用户、组、DHCP设置）。 LDAP Account Manager (LAM) 8.0之前版本存在跨站脚本漏洞，该漏洞源于如果未安装PHP OpenSSL扩展或配置禁用加密，会话文件会以明文形式包含LDAP用户名和密码，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

LDAP Account Manager跨站脚本漏洞（CNVD-2022-53547）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j

Reference

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j

Impacted products

Name
Ldap account manager Ldap account manager <8.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-31085",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-31085"
    }
  },
  "description": "LDAP Account Manager\u662f\u4e00\u4e2aWeb\u524d\u7aef\uff0c\u7528\u4e8e\u7ba1\u7406\u5b58\u50a8\u5728LDAP\u76ee\u5f55\u4e2d\u7684\u6761\u76ee\uff08\u4f8b\u5982\u7528\u6237\u3001\u7ec4\u3001DHCP\u8bbe\u7f6e\uff09\u3002\n\nLDAP Account Manager (LAM) 8.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u672a\u5b89\u88c5PHP OpenSSL\u6269\u5c55\u6216\u914d\u7f6e\u7981\u7528\u52a0\u5bc6\uff0c\u4f1a\u8bdd\u6587\u4ef6\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u5305\u542bLDAP\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-53547",
  "openTime": "2022-07-26",
  "patchDescription": "LDAP Account Manager\u662f\u4e00\u4e2aWeb\u524d\u7aef\uff0c\u7528\u4e8e\u7ba1\u7406\u5b58\u50a8\u5728LDAP\u76ee\u5f55\u4e2d\u7684\u6761\u76ee\uff08\u4f8b\u5982\u7528\u6237\u3001\u7ec4\u3001DHCP\u8bbe\u7f6e\uff09\u3002\r\n\r\nLDAP Account Manager (LAM) 8.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u672a\u5b89\u88c5PHP OpenSSL\u6269\u5c55\u6216\u914d\u7f6e\u7981\u7528\u52a0\u5bc6\uff0c\u4f1a\u8bdd\u6587\u4ef6\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u5305\u542bLDAP\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "LDAP Account Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-53547\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Ldap account manager Ldap account manager \u003c8.0"
  },
  "referenceLink": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j",
  "serverity": "\u4e2d",
  "submitTime": "2022-06-30",
  "title": "LDAP Account Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-53547\uff09"
}

CVE-2022-31085 (GCVE-0-2022-31085)

Vulnerability from cvelistv5 – Published: 2022-06-27 20:55 – Updated: 2025-04-23 18:07

Title

Missing Encryption of Sensitive Data in ldap-account-manager

Summary

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-311 - Missing Encryption of Sensitive Data

Assigner

GitHub_M

References

URL

Tags

	https://github.com/LDAPAccountManager/lam/commit/…	x_refsource_MISC
	https://github.com/LDAPAccountManager/lam/securit…	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5177	vendor-advisoryx_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	LDAPAccountManager	lam	Affected: < 8.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j"
          },
          {
            "name": "DSA-5177",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5177"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31085",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:04:27.402755Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:07:04.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lam",
          "vendor": "LDAPAccountManager",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-311",
              "description": "CWE-311: Missing Encryption of Sensitive Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-06T10:06:23.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j"
        },
        {
          "name": "DSA-5177",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5177"
        }
      ],
      "source": {
        "advisory": "GHSA-6m3q-5c84-6h6j",
        "discovery": "UNKNOWN"
      },
      "title": "Missing Encryption of Sensitive Data in ldap-account-manager",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31085",
          "STATE": "PUBLIC",
          "TITLE": "Missing Encryption of Sensitive Data in ldap-account-manager"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "lam",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LDAPAccountManager"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-311: Missing Encryption of Sensitive Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4",
              "refsource": "MISC",
              "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4"
            },
            {
              "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j",
              "refsource": "CONFIRM",
              "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j"
            },
            {
              "name": "DSA-5177",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5177"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-6m3q-5c84-6h6j",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31085",
    "datePublished": "2022-06-27T20:55:21.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:07:04.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-53547

CVE-2022-31085 (GCVE-0-2022-31085)

Tags

Sightings

Nomenclature