CVE-2022-31085

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31085

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31085.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-31085

Aliases

GHSA-6m3q-5c84-6h6j

Related

Published

2022-06-27T21:15:08Z

Modified

2024-10-12T09:39:27.673371Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.

References

Affected packages

Debian:11 / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/debian/ldap-account-manager?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-0+deb11u1

Affected versions

7.*

7.4-1

7.5-1

7.7-1

7.9-1

7.9.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/debian/ldap-account-manager?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/debian/ldap-account-manager?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ldapaccountmanager/lam

Affected ranges

Type: GIT
Repo: https://github.com/ldapaccountmanager/lam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f1d5d04952f39a1b4ea203d3964fa88e1429dfd4

Affected versions

Other

lam_5_4

lam_5_4_RC1

lam_5_5

lam_5_5_RC1

lam_5_6

lam_5_6_RC1

lam_5_7

lam_5_7_RC1

lam_6_0

lam_6_0_1

lam_6_0_RC1

lam_6_0_RC2

lam_6_1

lam_6_1_RC1

lam_6_2

lam_6_2_1

lam_6_2_RC1

lam_6_3

lam_6_3_RC1

lam_6_4

lam_6_4_RC1

lam_6_5

lam_6_5_RC1

lam_6_6

lam_6_6_RC1

lam_6_7

lam_6_7_RC1

lam_6_8

lam_6_8_RC1

lam_6_9

lam_6_9_RC1

lam_7_0

lam_7_0_RC1

lam_7_1

lam_7_1_RC1

lam_7_2

lam_7_2_RC1

lam_7_3

lam_7_3_RC1

lam_7_4

lam_7_4_RC1

lam_7_5

lam_7_5_RC1

lam_7_6

lam_7_6_RC1

lam_7_7

lam_7_7_RC1

lam_7_8

lam_7_8_RC1

lam_7_9

lam_7_9_1

lam_7_9_RC1

lam_8_0_RC1

untagged-0f11e4b04e249cac51c5