Описание
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 0.0~hg20200128.09e7e880e056+dfsg-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 0.0~hg20200128.09e7e880e056+dfsg-1 |
| esm-apps/jammy | not-affected | 0.0~hg20200128.09e7e880e056+dfsg-1 |
| esm-apps/noble | not-affected | 0.0~hg20200128.09e7e880e056+dfsg-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 0.0~hg20200128.09e7e880e056+dfsg-1 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
Уязвимость модулей LDAP-аутентификации (mod_auth_ldap и mod_auth_ldap2) для Prosody сервера Jabber/XMPP, связанная с неправильной авторизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2
9.8 Critical
CVSS3