CVE-2019-14824
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | 389-ds-base | n/a | affected |
Weaknesses
- CWE-732: CWE-732
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2019:3981
- https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html
- https://access.redhat.com/errata/RHSA-2020:0464
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
References
- https://access.redhat.com/errata/RHSA-2019:3981
- https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html
- https://access.redhat.com/errata/RHSA-2020:0464
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.