Описание
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
4.7 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
Связанные уязвимости
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
EPSS
4.7 Medium
CVSS3
1.9 Low
CVSS2