Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ldap_integration_with_active_directory_and_openldap by miniorange

    CVE-2023-23749 (GCVE-0-2023-23749)

    Vulnerability from nvd – Published: 2023-01-17 19:38 – Updated: 2025-04-04 04:36
    VLAI
    Title
    Extension - miniorange - LDAP Integration - LDAP Injection (username)
    Summary
    The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • LDAP injection
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:25.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://extensions.joomla.org/vulnerable-extensions/resolved/ldap-integration-with-active-directory-and-openldap-ntlm-kerberos-login-5-0-2-other/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23749",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T18:10:43.978793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:24:39.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LDAP Integration with Active Directory and OpenLDAP - NTLM \u0026 Kerberos Login",
              "vendor": "miniorange",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "6.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \u0027LDAP Integration with Active Directory and OpenLDAP - NTLM \u0026 Kerberos Login\u0027 extension is vulnerable to LDAP Injection since is not properly sanitizing the \u0027username\u0027 POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database."
                }
              ],
              "value": "The \u0027LDAP Integration with Active Directory and OpenLDAP - NTLM \u0026 Kerberos Login\u0027 extension is vulnerable to LDAP Injection since is not properly sanitizing the \u0027username\u0027 POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "LDAP injection",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T04:36:21.675Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://extensions.joomla.org/vulnerable-extensions/resolved/ldap-integration-with-active-directory-and-openldap-ntlm-kerberos-login-5-0-2-other/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Extension - miniorange - LDAP Integration - LDAP Injection (username)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2023-23749",
        "datePublished": "2023-01-17T19:38:22.103Z",
        "dateReserved": "2023-01-17T19:02:50.302Z",
        "dateUpdated": "2025-04-04T04:36:21.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23749 (GCVE-0-2023-23749)

    Vulnerability from cvelistv5 – Published: 2023-01-17 19:38 – Updated: 2025-04-04 04:36
    VLAI
    Title
    Extension - miniorange - LDAP Integration - LDAP Injection (username)
    Summary
    The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • LDAP injection
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:25.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://extensions.joomla.org/vulnerable-extensions/resolved/ldap-integration-with-active-directory-and-openldap-ntlm-kerberos-login-5-0-2-other/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23749",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T18:10:43.978793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:24:39.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LDAP Integration with Active Directory and OpenLDAP - NTLM \u0026 Kerberos Login",
              "vendor": "miniorange",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "6.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \u0027LDAP Integration with Active Directory and OpenLDAP - NTLM \u0026 Kerberos Login\u0027 extension is vulnerable to LDAP Injection since is not properly sanitizing the \u0027username\u0027 POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database."
                }
              ],
              "value": "The \u0027LDAP Integration with Active Directory and OpenLDAP - NTLM \u0026 Kerberos Login\u0027 extension is vulnerable to LDAP Injection since is not properly sanitizing the \u0027username\u0027 POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "LDAP injection",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T04:36:21.675Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://extensions.joomla.org/vulnerable-extensions/resolved/ldap-integration-with-active-directory-and-openldap-ntlm-kerberos-login-5-0-2-other/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Extension - miniorange - LDAP Integration - LDAP Injection (username)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2023-23749",
        "datePublished": "2023-01-17T19:38:22.103Z",
        "dateReserved": "2023-01-17T19:02:50.302Z",
        "dateUpdated": "2025-04-04T04:36:21.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }