CVE-2023-38994 HIGH

CVE-2023-38994

Vendor N/A
Product n/a
Published October 31, 2023
Last update April 15, 2025

CVSS base score

7.9/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N

What the vulnerability does

01Description

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.

Key dates

02Disclosure timeline

October 31, 2023 CVE published
April 15, 2025 Record updated