CVE-2024-52792

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line. An attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/LDAPAccountManager/lam/blob/fd665fef3b222bf8205154b14f676815d2d6ae20/lam/templates/config/mainmanage.php#L263
https://github.com/LDAPAccountManager/lam/releases/tag/9.0
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv

Configurations

No configuration.

History

17 Dec 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-17 22:15

Updated : 2024-12-17 22:15

NVD link : CVE-2024-52792

Mitre link : CVE-2024-52792

CVE.ORG link : CVE-2024-52792

JSON object : View

Products Affected

No product.

CWE

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

{"id": "CVE-2024-52792", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-12-17T22:15:07.083", "references": [{"url": "https://github.com/LDAPAccountManager/lam/blob/fd665fef3b222bf8205154b14f676815d2d6ae20/lam/templates/config/mainmanage.php#L263", "source": "security-advisories@github.com"}, {"url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.0", "source": "security-advisories@github.com"}, {"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc", "source": "security-advisories@github.com"}, {"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "source": "security-advisories@github.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-610"}]}], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`.\nThe values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line.\nAn attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."}], "lastModified": "2024-12-17T22:15:07.083", "sourceIdentifier": "security-advisories@github.com"}