CVE-2019-10224

Опубликовано: 27 нояб. 2018

Источник: redhat

CVSS3: 4.3

Описание

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	389-ds-base	Not affected
Red Hat Enterprise Linux 7	389-ds-base	Not affected
Red Hat Enterprise Linux 8	389-ds	Fixed	RHSA-2019:3401	05.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-522->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1677147389-ds-base: using dscreate in verbose mode results in information disclosure

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2019-10224

CVSS3: 4.6

ubuntu

около 6 лет назад

CVE-2019-10224

CVSS3: 4.6

nvd

около 6 лет назад

CVE-2019-10224

CVSS3: 4.6

debian

около 6 лет назад

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...

GHSA-349x-pch6-942w

CVSS3: 4.6

github

больше 3 лет назад

ELSA-2019-3401

oracle-oval

около 6 лет назад

ELSA-2019-3401: 389-ds:1.4 security, bug fix, and enhancement update (IMPORTANT)

4.3 Medium

CVSS3