Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
UCS@school 安全漏洞
Vulnerability Description
UCS@school是一个全面的解决方案,可提供对学校基础设施和应用程序的访问以及操作它们的完整工具集。 UCS@school v.5.0版本存在安全漏洞。攻击者利用该漏洞执行任意代码并通过 check_univention_joinstatus 函数获取权限。
CVSS Information
N/A
Vulnerability Type
N/A