GHSA-vx2x-9cff-fhjw: 
C# vulnerability analysis and mitigation

A vulnerability exists in the DSInternals.Common.Data.RoamedCredential.Save() method of DSInternals.Common (NuGet) package, versions 2.21 through 4.7, which incorrectly parses the msPKIAccountCredentials LDAP attribute values. This vulnerability was discovered and disclosed in December 2022, identified as CVE-2022-30170 and GHSA-vx2x-9cff-fhjw. The vulnerability affects applications using the DSInternals.Common library with administrative privileges (GitHub Advisory).

The vulnerability stems from improper parsing of msPKIAccountCredentials LDAP attribute values in the DSInternals.Common library. The issue is related to the Windows Credential Roaming feature, which DSInternals re-implements. The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Moderate), with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (GitHub Advisory).

When exploited, this vulnerability allows a malicious actor to modify the file system of the computer where an application using the affected function is executed with administrative privileges. The impact affects systems where the DSInternals.Common library is used to export roamed credentials from Active Directory to a file system (GitHub Advisory).

The vulnerability has been patched in DSInternals version 4.8. Organizations using affected versions should upgrade to version 4.8 or later to mitigate this security risk (GitHub Advisory).