Описание
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
6.5 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
ELSA-2019-3981: 389-ds-base security and bug fix update (IMPORTANT)
EPSS
6.5 Medium
CVSS3
6.5 Medium
CVSS3
3.5 Low
CVSS2