CVE-2023-38994

Name of the Vulnerable Software and Affected Versions Univention Corporate Server (UCS) versions 5.0-5

Description The issue is related to the check univention joinstatus prometheus monitoring script, which reveals the LDAP plaintext password of the machine account in the process list. This allows attackers with local ssh access to gain higher privileges and perform follow-up attacks. By default, the configuration of UCS does not allow local ssh access for regular users. The exploitation of this issue may permit an attacker to elevate their privileges.

Recommendations For Univention Corporate Server (UCS) versions 5.0-5, consider disabling the check univention joinstatus function as a temporary workaround until a patch is available. Restrict access to the process list to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.