CVE-2023-38994 Information

Description

An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.

Reference

https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0 https://forge.univention.org/bugzilla/show_bug.cgi?id=56324