Описание
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.4.2.4-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.4.2.4-1 |
| esm-apps/jammy | not-affected | 1.4.2.4-1 |
| esm-apps/noble | not-affected | 1.4.2.4-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
3.5 Low
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
ELSA-2019-3981: 389-ds-base security and bug fix update (IMPORTANT)
EPSS
3.5 Low
CVSS2
6.5 Medium
CVSS3