
CVE-2023-5003 Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

2023-10-16 19:39:08
WPScan
www.cve.org
cve-2023-5003; active directory integration; unauthenticated log disclosure; ldap integration wordpress plugin; log disclosure; sensitive data storage; url accessible

EPSS: 0.005 (Low), percentile 75.6%

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator exports those logs. This log file is never removed and remains accessible to any user who knows its URL.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Active Directory Integration / LDAP Integration",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.1.10"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
