Candidate: CVE-2018-10871
PublicDate: 2018-07-18 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10871
 https://pagure.io/389-ds-base/issue/49789
Description:
 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext
 Storage of Sensitive Information. By default, when the Replica and/or
 retroChangeLog plugins are enabled, 389-ds-base stores passwords in
 plaintext format in their respective changelog files. An attacker with
 sufficiently high privileges, such as root or Directory Manager, can query
 these files in order to retrieve plaintext passwords.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [7.2 HIGH]

Patches_389-ds-base:
upstream_389-ds-base: released (1.4.0.13-1)
precise/esm_389-ds-base: DNE
trusty_389-ds-base: ignored (reached end-of-life)
trusty/esm_389-ds-base: DNE (trusty was needs-triage)
xenial_389-ds-base: ignored (end of standard support, was needed)
artful_389-ds-base: ignored (reached end-of-life)
bionic_389-ds-base: needed
cosmic_389-ds-base: ignored (reached end-of-life)
disco_389-ds-base: not-affected (1.4.0.13-1)
eoan_389-ds-base: not-affected (1.4.0.13-1)
focal_389-ds-base: not-affected (1.4.0.13-1)
groovy_389-ds-base: not-affected (1.4.0.13-1)
hirsute_389-ds-base: not-affected (1.4.0.13-1)
impish_389-ds-base: not-affected (1.4.0.13-1)
jammy_389-ds-base: not-affected (1.4.0.13-1)
devel_389-ds-base: not-affected (1.4.0.13-1)