Vulnerability Details : CVE-2022-31084
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0.
Vulnerability category: Execute code
Products affected by CVE-2022-31084
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:ldap-account-manager:ldap_account_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31084
1.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-31084
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
9.0
|
CRITICAL | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
2.2
|
6.0
|
GitHub, Inc. | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2022-31084
-
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-31084
-
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw
Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution · Advisory · LDAPAccountManager/lam · GitHubThird Party Advisory
-
https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/
Exploiting Arbitrary Object Instantiations in PHP without Custom Classes – PT SWARMExploit;Third Party Advisory
-
https://www.debian.org/security/2022/dsa-5177
Debian -- Security Information -- DSA-5177-1 ldap-account-managerThird Party Advisory
-
https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4
Merge pull request from GHSA-r387-grjx-qgvw · LDAPAccountManager/lam@f1d5d04 · GitHubPatch;Third Party Advisory
Jump to