forked from CVEProject/cvelist
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add CVE-2022-31088 for GHSA-wxf8-9x99-6gp4
Add CVE-2022-31088 for GHSA-wxf8-9x99-6gp4
- Loading branch information
1 parent
846a8bc
commit 6ecad1f
Showing
1 changed file
with
76 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,88 @@ | ||
| { | ||
| "data_type": "CVE", | ||
| "data_format": "MITRE", | ||
| "data_version": "4.0", | ||
| "CVE_data_meta": { | ||
| "ASSIGNER": "security-advisories@github.com", | ||
| "ID": "CVE-2022-31088", | ||
| "ASSIGNER": "cve@mitre.org", | ||
| "STATE": "RESERVED" | ||
| "STATE": "PUBLIC", | ||
| "TITLE": "Unauthenticated LDAP Injection in ldap-account-manager" | ||
| }, | ||
| "affects": { | ||
| "vendor": { | ||
| "vendor_data": [ | ||
| { | ||
| "product": { | ||
| "product_data": [ | ||
| { | ||
| "product_name": "lam", | ||
| "version": { | ||
| "version_data": [ | ||
| { | ||
| "version_value": "< 8.0" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| "vendor_name": "LDAPAccountManager" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "data_format": "MITRE", | ||
| "data_type": "CVE", | ||
| "data_version": "4.0", | ||
| "description": { | ||
| "description_data": [ | ||
| { | ||
| "lang": "eng", | ||
| "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." | ||
| "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0." | ||
| } | ||
| ] | ||
| }, | ||
| "impact": { | ||
| "cvss": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 6.5, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", | ||
| "version": "3.0" | ||
| } | ||
| }, | ||
| "problemtype": { | ||
| "problemtype_data": [ | ||
| { | ||
| "description": [ | ||
| { | ||
| "lang": "eng", | ||
| "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| "references": { | ||
| "reference_data": [ | ||
| { | ||
| "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4", | ||
| "refsource": "CONFIRM", | ||
| "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4" | ||
| }, | ||
| { | ||
| "name": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", | ||
| "refsource": "MISC", | ||
| "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4" | ||
| } | ||
| ] | ||
| }, | ||
| "source": { | ||
| "advisory": "GHSA-wxf8-9x99-6gp4", | ||
| "discovery": "UNKNOWN" | ||
| } | ||
| } |