{"url":"http://public2.vulnerablecode.io/api/packages/624488?format=json","purl":"pkg:nuget/DSInternals.Common@2.21.2","type":"nuget","namespace":"","name":"DSInternals.Common","version":"2.21.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.8.0","latest_non_vulnerable_version":"4.8.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109436?format=json","vulnerability_id":"VCID-wa3n-pcn4-m7gv","summary":"DSInternals Credential Roaming Elevation of Privilege Vulnerability\n### Impact\n\nA vulnerability exists in the `DSInternals.Common.Data.RoamedCredential.Save()` method, which incorrectly parses the `msPKIAccountCredentials` LDAP attribute values. As a consequence, a malicious actor would be able to modify the file system of the computer where an application using this function is executed with administrative privileges.\n\nA [similar security issue](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170) used to be present in the Windows operating system, as DSInternals re-implements the Credential Roaming feature of Windows.\n\n### Exploitability\n\nThe vulnerability can be exploited under the following circumstances:\n- An attacker is able to modify the `msPKIAccountCredentials` attribute of a user account in Active Directory. This attribute is used by the Credential Roaming feature of Windows and each AD user can modify their own roamed credentials. AND\n- A 3rd party application uses the `DSInternals.Common` library to export roamed credentials from Active Directory to a file system. AND\n- The application has administrative privileges on the local system.\n\nThe probability of any 3rd-party product using the `DSInternals.Common` library being affected by this vulnerability is extremely low.\n\n### Patches\n\nThe issue had been fixed in DSInternals 4.8.\n\n### References\n\nhttps://www.mandiant.com/resources/blog/apt29-windows-credential-roaming","references":[{"reference_url":"https://github.com/MichaelGrafnetter/DSInternals","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MichaelGrafnetter/DSInternals"},{"reference_url":"https://github.com/MichaelGrafnetter/DSInternals/security/advisories/GHSA-vx2x-9cff-fhjw","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MichaelGrafnetter/DSInternals/security/advisories/GHSA-vx2x-9cff-fhjw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30170","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30170"},{"reference_url":"https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming"},{"reference_url":"https://github.com/advisories/GHSA-vx2x-9cff-fhjw","reference_id":"GHSA-vx2x-9cff-fhjw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vx2x-9cff-fhjw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146582?format=json","purl":"pkg:nuget/DSInternals.Common@4.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DSInternals.Common@4.8.0"}],"aliases":["GHSA-vx2x-9cff-fhjw","GMS-2022-7965"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wa3n-pcn4-m7gv"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/DSInternals.Common@2.21.2"}