Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/04/16 12:47 a.m.29 views

CVE-2023-38994

The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...

7.9CVSS7.2AI score0.00348EPSS
Exploits1References6
NVD
NVD
added 2023/10/31 12:15 p.m.24 views

CVE-2023-38994

The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...

7.9CVSS8AI score0.00348EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/10/31 12:0 a.m.35 views

CVE-2023-38994

The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...

7.9CVSS8.2AI score0.00348EPSS
Exploits1References4
CVE
CVE
added 2023/10/31 12:0 a.m.61 views

CVE-2023-38994

CVE-2023-38994 affects Univention Corporate Server (UCS) 5.0-5. The issue stems from the check_univention_joinstatus Prometheus script (and similar scripts), which exposes the LDAP password of the machine account in the process list. This enables attackers with local SSH access to elevate privile...

7.9CVSS7.8AI score0.00348EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder