Описание
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and the non-default escape_mode=1 is configured. The method ldap.filter.escape_filter_chars supports 3 different escaping modes. escape_mode=0 (default) and escape_mode=2 happen to raise exceptions when a list or dict object is supplied as the assertion_value parameter. However, escape_mode=1 computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the python-ldap library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the ldap.filter.escape_filter_chars method to raise an exception when the supplied assertion_value parameter is not of type str.
A sanitization bypass vulnerability has been discovered in python-ldap’s ldap.filter.escape_filter_chars method. When a crafted list or dict object is supplied as the assertion_value parameter with escape_mode=1, the method may skip escaping special characters. This can allow an attacker to inject unescaped special characters into LDAP filters, leading to possible LDAP injection attacks which could disclose or manipulate data.
Отчет
This issue is rated Moderate severity because exploitation allows unauthorized manipulation or disclosure of LDAP data, but requires the library to be used in a specific manner (escape_mode=1 and supplying a list or dict). Typical deployments using default escape_mode=0 or escape_mode=2 are not exposed to this flaw.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. As an interim precaution, avoid using escape_mode=1 unless absolutely required.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | automation-controller | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | python3.11-ldap | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | python3x-ldap | Fix deferred | ||
| Red Hat Enterprise Linux 10 | python-ldap | Fix deferred | ||
| Red Hat Enterprise Linux 6 | python-ldap | Out of support scope | ||
| Red Hat Enterprise Linux 7 | python-ldap | Out of support scope | ||
| Red Hat Enterprise Linux 8 | python-ldap | Out of support scope | ||
| Red Hat Enterprise Linux 9 | python-ldap | Fix deferred | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-api | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-base | Out of support scope |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4...
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5
python-ldap is a lightweight directory access protocol (LDAP) client A ...
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Уязвимость компонента filter.py модуля Python для работы с LDAP-каталогами Python-LDAP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
EPSS
6.5 Medium
CVSS3