CVE-2024-23333 - Vulnerability Details - OpenCVE

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0019.

Key SSVC decision points have not yet been added.

Vendors	Products
Ldap-account-manager	Ldap Account Manager

Configuration 1 [-]

cpe:2.3:a:ldap-account-manager:ldap_account_manager:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://github.com/LDAPAccountManager/lam/releases/tag/8.7
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv

History

Tue, 23 Dec 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ldap-account-manager Ldap-account-manager ldap Account Manager
CPEs		cpe:2.3:a:ldap-account-manager:ldap_account_manager::::::::
Vendors & Products		Ldap-account-manager Ldap-account-manager ldap Account Manager

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-18T21:07:09.513Z

Updated: 2024-08-21T15:04:56.308Z

Reserved: 2024-01-15T15:19:19.442Z

Link: CVE-2024-23333

Vulnrichment

Updated: 2024-08-01T22:59:32.212Z

NVD

Status : Analyzed

Published: 2024-03-18T21:15:06.473

Modified: 2025-12-23T19:29:57.070

Link: CVE-2024-23333

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23333", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-15T15:19:19.442Z", "datePublished": "2024-03-18T21:07:09.513Z", "dateUpdated": "2024-08-21T15:04:56.308Z"}, "containers": {"cna": {"title": "LAM vulnerable to Authenticated Remote Code Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}, {"name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}], "affected": [{"vendor": "LDAPAccountManager", "product": "lam", "versions": [{"version": "< 8.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:07:09.513Z"}, "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n"}], "source": {"advisory": "GHSA-fm9w-7m7v-wxqv", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.212Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}, {"name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T15:04:47.680234Z", "id": "CVE-2024-23333", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:04:56.308Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.212Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23333", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T15:04:47.680234Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:04:52.986Z"}}], "cna": {"title": "LAM vulnerable to Authenticated Remote Code Execution", "source": {"advisory": "GHSA-fm9w-7m7v-wxqv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LDAPAccountManager", "product": "lam", "versions": [{"status": "affected", "version": "< 8.7"}]}], "references": [{"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "name": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:07:09.513Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23333", "state": "PUBLISHED", "dateUpdated": "2024-08-21T15:04:56.308Z", "dateReserved": "2024-01-15T15:19:19.442Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-18T21:07:09.513Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ldap-account-manager:ldap_account_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8535AD-7102-465A-9DEA-5C7A387CD2CA", "versionEndExcluding": "8.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n"}, {"lang": "es", "value": "LDAP Account Manager (LAM) es una interfaz web para administrar entradas almacenadas en un directorio LDAP. La configuraci\u00f3n de registro de LAM permite especificar rutas arbitrarias para archivos de registro. Antes de la versi\u00f3n 8.7, un atacante pod\u00eda aprovechar esto creando un archivo PHP y hacer que LAM registrara alg\u00fan c\u00f3digo PHP en este archivo. Cuando se accede al archivo a trav\u00e9s de la web, se ejecutar\u00e1 el c\u00f3digo. El problema se mitiga con lo siguiente: un atacante necesita conocer la contrase\u00f1a de configuraci\u00f3n maestra de LAM para poder cambiar la configuraci\u00f3n principal; y el servidor web necesita acceso de escritura a un directorio al que se pueda acceder a trav\u00e9s de la web. La propia LAM no proporciona dichos directorios. El problema se solucion\u00f3 en 8.7. Como workaround, limite el acceso a las p\u00e1ginas de configuraci\u00f3n de LAM a usuarios autorizados."}], "id": "CVE-2024-23333", "lastModified": "2025-12-23T19:29:57.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-18T21:15:06.473", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}