CVE-2023-1055

Published: 27 Feb 2023
Source: debian

Description

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

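Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| 389-ds-base | fixed | 2.3.4+dfsg1-1 | | package |
| 389-ds-base | no-dsa | | bookworm | package |
| 389-ds-base | no-dsa | | bullseye | package |
| 389-ds-base | no-dsa | | buster | package |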

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=2173517

  • https://github.com/389ds/389-ds-base/commit/8483d60de374be78ce3dd423ac7ad7a3cdc5eaca (389-ds-base-2.3.3)

  • https://github.com/389ds/389-ds-base/commit/2038989d477d6281463668c91f72649fde880145 (389-ds-base-2.2.8)

  • https://github.com/389ds/389-ds-base/commit/92f9d3b9d06c1729e536948c638761c9fa7c962a (389-ds-base-1.4.3.35)

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 3 years ago

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

CVSS3: 5.5
redhat
almost 3 years ago

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

CVSS3: 5.5
nvd
almost 3 years ago

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

CVSS3: 5.5
github
almost 3 years ago

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

CVSS3: 5.5
fstec
almost 3 years ago

A vulnerability in the 389 Directory Server directory service server, related to information disclosure, that allows an attacker to gain access to confidential data