CVE-2024-52792 — Ldap-account-manager vulnerability
Severity
NVD: 6.5 MEDIUM
OSV: 6.6
EPSS
0.1%
top 76.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 17
Description
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing the mitigation of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`.
Th…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.2 | Impact: 5.2