A valid XCC user's local account permissions overrides...
High severity
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Apr 11, 2024
Description
Published by the National Vulnerability Database
Apr 28, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Apr 11, 2024
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
References