{"vulnerability": "CVE-2023-3899", "sightings": [{"uuid": "07599cc6-6fa7-4884-96c0-46acc3e41c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38995", "type": "seen", "source": "https://t.me/ctinow/203121", "content": "https://ift.tt/RUqMldG\nCVE-2023-38995 Exploit", "creation_timestamp": "2024-03-08T08:16:57.000000Z"}, {"uuid": "f385583d-a463-42c0-a763-179e045e06de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38994", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11947", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38994\n\ud83d\udd25 CVSS Score: 7.9 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N)\n\ud83d\udd39 Description: The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.\n\ud83d\udccf Published: 2023-10-31T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-15T22:09:15.651Z\n\ud83d\udd17 References:\n1. https://forge.univention.org/bugzilla/show_bug.cgi?id=56324\n2. https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network\n3. https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0\n4. https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html", "creation_timestamp": "2025-04-15T22:55:48.000000Z"}, {"uuid": "7f45377f-767d-4cec-93c7-1af87b12510c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38994", "type": "seen", "source": "https://t.me/cibsecurity/73222", "content": "\u203c CVE-2023-38994 \u203c\n\nAn issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T15:50:54.000000Z"}, {"uuid": "8e6be712-2b99-440a-ba38-38928500dc79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38998", "type": "seen", "source": "https://t.me/cibsecurity/68128", "content": "\u203c CVE-2023-38998 \u203c\n\nAn open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:33.000000Z"}, {"uuid": "10ebb5da-d989-47d1-934e-a9751bbe7b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38995", "type": "seen", "source": "https://t.me/ctinow/180976", "content": "https://ift.tt/v2uEolr\nCVE-2023-38995", "creation_timestamp": "2024-02-07T21:21:40.000000Z"}, {"uuid": "10ac7156-8faa-475a-83df-eef880b2d36d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38999", "type": "seen", "source": "https://t.me/cibsecurity/68123", "content": "\u203c CVE-2023-38999 \u203c\n\nA Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:25.000000Z"}, {"uuid": "29b1f43f-d36e-485f-b4d6-f25892e4fb27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3899", "type": "seen", "source": "https://t.me/cibsecurity/69050", "content": "\u203c CVE-2023-3899 \u203c\n\nA vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-23T15:04:49.000000Z"}, {"uuid": "e289bbf4-0f1e-4661-a1a9-d114099e7aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38991", "type": "seen", "source": "https://t.me/cibsecurity/67737", "content": "\u203c CVE-2023-38991 \u203c\n\nAn issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T07:45:32.000000Z"}, {"uuid": "374804e3-0b8b-4c61-870a-82a0c3328217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38990", "type": "seen", "source": "https://t.me/cibsecurity/67553", "content": "\u203c CVE-2023-38990 \u203c\n\nAn issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T07:39:05.000000Z"}, {"uuid": "22a7de59-402a-4190-ab99-968fc89b0117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38992", "type": "seen", "source": "https://t.me/cibsecurity/67377", "content": "\u203c CVE-2023-38992 \u203c\n\njeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T18:35:56.000000Z"}]}