CVE-2022-31084

Source
https://cve.org/CVERecord?id=CVE-2022-31084
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31084.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31084
Aliases
  • GHSA-r387-grjx-qgvw
Downstream
Published
2022-06-27T20:55:11Z
Modified
2026-04-02T08:00:19.865629Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Unauthenticated Remote Code Execution in ldap-account-manager
Details

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes that execute code during object creation are instantiated. This issue has been fixed in version 8.0.

Database specific
{
    "cwe_ids": [
        "CWE-88"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31084.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/ldapaccountmanager/lam

Affected ranges

Type
GIT
Repo
https://github.com/ldapaccountmanager/lam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
lam_5_4
lam_5_4_RC1
lam_5_5
lam_5_5_RC1
lam_5_6
lam_5_6_RC1
lam_5_7
lam_5_7_RC1
lam_6_0
lam_6_0_1
lam_6_0_RC1
lam_6_0_RC2
lam_6_1
lam_6_1_RC1
lam_6_2
lam_6_2_1
lam_6_2_RC1
lam_6_3
lam_6_3_RC1
lam_6_4
lam_6_4_RC1
lam_6_5
lam_6_5_RC1
lam_6_6
lam_6_6_RC1
lam_6_7
lam_6_7_RC1
lam_6_8
lam_6_8_RC1
lam_6_9
lam_6_9_RC1
lam_7_0
lam_7_0_RC1
lam_7_1
lam_7_1_RC1
lam_7_2
lam_7_2_RC1
lam_7_3
lam_7_3_RC1
lam_7_4
lam_7_4_RC1
lam_7_5
lam_7_5_RC1
lam_7_6
lam_7_6_RC1
lam_7_7
lam_7_7_RC1
lam_7_8
lam_7_8_RC1
lam_7_9
lam_7_9_1
lam_7_9_RC1
lam_8_0_RC1
origin/tags/after_0_6_merge
origin/tags/before_0_6_merge
origin/tags/lam_0_4_10
origin/tags/lam_0_4_7
origin/tags/lam_0_4_8
origin/tags/lam_0_4_9
origin/tags/lam_0_5_0
origin/tags/lam_0_5_1
origin/tags/lam_0_5_2
origin/tags/lam_0_5_3
origin/tags/lam_0_5_alpha1
origin/tags/lam_0_5_alpha2
origin/tags/lam_0_5_rc1
origin/tags/lam_0_5_rc2
origin/tags/lam_0_5_rc3
origin/tags/lam_1_0_0
origin/tags/lam_1_0_1
origin/tags/lam_1_0_2
origin/tags/lam_1_0_3
origin/tags/lam_1_0_4
origin/tags/lam_1_0_4RC1
origin/tags/lam_1_0_rc1
origin/tags/lam_1_0_rc2
origin/tags/lam_1_1_0
origin/tags/lam_1_1_0_RC1
origin/tags/lam_1_1_1
origin/tags/lam_1_1_1_rc1
origin/tags/lam_1_2_0
origin/tags/lam_1_2_0_RC1
origin/tags/lam_1_3_0
origin/tags/lam_1_3_0_RC1
origin/tags/lam_2_0_0
origin/tags/lam_2_0_0_RC1
origin/tags/lam_2_1_0
origin/tags/lam_2_1_0_RC1
origin/tags/lam_2_2_0
origin/tags/lam_2_2_0_RC1
origin/tags/lam_2_3_0
origin/tags/lam_2_3_0RC1
origin/tags/lam_2_4_0
origin/tags/lam_2_5_0
origin/tags/lam_2_5_0_RC1
origin/tags/lam_2_6_0
origin/tags/lam_2_6_0_RC1
origin/tags/lam_2_7_0
origin/tags/lam_2_7_0_RC1
origin/tags/lam_2_8_0
origin/tags/lam_2_8_0_RC1
origin/tags/lam_2_9_0
origin/tags/lam_2_9_0_RC1
origin/tags/lam_3_0_0
origin/tags/lam_3_0_0_RC1
origin/tags/lam_3_1_0
origin/tags/lam_3_1_0_RC1
origin/tags/lam_3_1_1
origin/tags/lam_3_2_0
origin/tags/lam_3_2_0_RC1
origin/tags/lam_3_3_0
origin/tags/lam_3_3_0_RC1
origin/tags/lam_3_4_0
origin/tags/lam_3_4_0_RC1
origin/tags/lam_3_5_0
origin/tags/lam_3_5_0_RC1
origin/tags/lam_3_6
origin/tags/lam_3_6_1
origin/tags/lam_3_6_RC1
origin/tags/lam_3_7
origin/tags/lam_3_7_RC1
origin/tags/lam_3_8
origin/tags/lam_3_8_RC1
origin/tags/lam_3_9
origin/tags/lam_3_9_RC1
origin/tags/lam_4_0
origin/tags/lam_4_0_1
origin/tags/lam_4_0_RC1
origin/tags/lam_4_1_RC1
origin/tags/start
origin/tags/trunk
untagged-0f11e4b04e249cac51c5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31084.json"