Univention · Univention Corporate Server · CVE-2019-1010283
Name of the Vulnerable Software and Affected Versions:
Univention Corporate Server univention-directory-notifier versions 12.0.1-3 and earlier
Description:
The issue affects the function `data on connection()` in `src/callback.c`, allowing intentional information exposure through network connectivity, which may lead to loss of confidentiality.
Recommendations:
For versions 12.0.1-3 and earlier, update to version 12.0.1-4 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.