
exploitDog


CVE-2025-59518

Published: 17 Sep 2025
Source: redhat
CVSS3: 8

Description

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not localize $_ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

Report

This is an Important vulnerability because it breaks the Safe jail's sandboxing by allowing OS command injection via the Perl $_ variable. An admin can exploit this to execute arbitrary commands on the server, leading to full system compromise, far beyond a typical configuration flaw.

Mitigation

As a temporary mitigation, strictly limit access to the admin interface, enforce strong authentication, and audit existing rules for suspicious code. Avoid using dynamic or complex expressions in rules until the system is fully patched.

Additional information

Status: Important
Weakness: CWE-78
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2395991 (lemonldap-ng: OS command injection can occur in the Safe jail)

CVSS3: 8 (High)

Related vulnerabilities

ubuntu, 5 months ago, CVSS3: 8: same description as above.

nvd, 5 months ago, CVSS3: 8: same description as above.

debian, 5 months ago, CVSS3: 8: same description as above (truncated on the source page).

github, 5 months ago, CVSS3: 8: same description as above.
