History: Oct 16, 2023 - 8:15 p.m.

CVE-2023-5003

2023-10-16 20:15:17
web.nvd.nist.gov
Tags: active directory, ldap, wordpress, plugin, sensitive data, security vulnerability, log file, nvd, cve-2023-5003

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.005 Low
Percentile: 75.6%

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator exports those logs. This log file is never removed and remains accessible to anyone who knows its URL.

Affected configurations

| Node | Range |
| --- | --- |
| miniorange active_directory_integration_\/_ldap_integration | <4.1.10 |

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| miniorange | active_directory_integration_\/_ldap_integration | * | cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Active Directory Integration / LDAP Integration",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.1.10"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
