Описание
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-14824
- https://access.redhat.com/errata/RHSA-2019:3401
- https://access.redhat.com/errata/RHSA-2019:3981
- https://access.redhat.com/errata/RHSA-2020:0464
- https://access.redhat.com/security/cve/CVE-2019-14824
- https://bugzilla.redhat.com/show_bug.cgi?id=1747448
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824
- https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
- https://pagure.io/389-ds-base/issue/50716
Связанные уязвимости
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...
ELSA-2019-3981: 389-ds-base security and bug fix update (IMPORTANT)