CVE-2022-31088

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31088
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31088.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-31088
Aliases
  • GHSA-wxf8-9x99-6gp4
Related
Published
2022-06-27T21:15:08Z
Modified
2024-10-12T09:39:27.084089Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0.

References

Affected packages

Debian:11 / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/debian/ldap-account-manager?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.1-0+deb11u1

Affected versions

7.*

7.4-1
7.5-1
7.7-1
7.9-1
7.9.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/debian/ldap-account-manager?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/debian/ldap-account-manager?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ldapaccountmanager/lam

Affected ranges

Type
GIT
Repo
https://github.com/ldapaccountmanager/lam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

lam_5_4
lam_5_4_RC1
lam_5_5
lam_5_5_RC1
lam_5_6
lam_5_6_RC1
lam_5_7
lam_5_7_RC1
lam_6_0
lam_6_0_1
lam_6_0_RC1
lam_6_0_RC2
lam_6_1
lam_6_1_RC1
lam_6_2
lam_6_2_1
lam_6_2_RC1
lam_6_3
lam_6_3_RC1
lam_6_4
lam_6_4_RC1
lam_6_5
lam_6_5_RC1
lam_6_6
lam_6_6_RC1
lam_6_7
lam_6_7_RC1
lam_6_8
lam_6_8_RC1
lam_6_9
lam_6_9_RC1
lam_7_0
lam_7_0_RC1
lam_7_1
lam_7_1_RC1
lam_7_2
lam_7_2_RC1
lam_7_3
lam_7_3_RC1
lam_7_4
lam_7_4_RC1
lam_7_5
lam_7_5_RC1
lam_7_6
lam_7_6_RC1
lam_7_7
lam_7_7_RC1
lam_7_8
lam_7_8_RC1
lam_7_9
lam_7_9_1
lam_7_9_RC1
lam_8_0_RC1
untagged-0f11e4b04e249cac51c5