{
  "schema_version": "1.4.0",
  "id": "GHSA-vx2x-9cff-fhjw",
  "modified": "2022-12-06T21:13:49Z",
  "published": "2022-12-06T21:13:49Z",
  "aliases": [],
  "summary": "DSInternals Credential Roaming Elevation of Privilege Vulnerability",
  "details": "### Impact\n\nA vulnerability exists in the `DSInternals.Common.Data.RoamedCredential.Save()` method, which incorrectly parses the `msPKIAccountCredentials` LDAP attribute values. As a consequence, a malicious actor would be able to modify the file system of the computer where an application using this function is executed with administrative privileges.\n\nA [similar security issue](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170) used to be present in the Windows operating system, as DSInternals re-implements the Credential Roaming feature of Windows.\n\n### Exploitability\n\nThe vulnerability can be exploited under the following circumstances:\n- An attacker is able to modify the `msPKIAccountCredentials` attribute of a user account in Active Directory. This attribute is used by the Credential Roaming feature of Windows and each AD user can modify their own roamed credentials. AND\n- A 3rd party application uses the `DSInternals.Common` library to export roamed credentials from Active Directory to a file system. AND\n- The application has administrative privileges on the local system.\n\nThe probability of any 3rd-party product using the `DSInternals.Common` library being affected by this vulnerability is extremely low.\n\n### Patches\n\nThe issue had been fixed in DSInternals 4.8.\n\n### References\n\nhttps://www.mandiant.com/resources/blog/apt29-windows-credential-roaming\n",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DSInternals.Common"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "2.21"
            },
            {
              "fixed": "4.8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MichaelGrafnetter/DSInternals/security/advisories/GHSA-vx2x-9cff-fhjw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30170"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MichaelGrafnetter/DSInternals"
    },
    {
      "type": "WEB",
      "url": "https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-06T21:13:49Z",
    "nvd_published_at": null
  }
}