PublicDateAtUSN: 2019-08-15 17:15:00 UTC
Candidate: CVE-2019-11187
PublicDate: 2019-08-15 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11187
 https://ubuntu.com/security/notices/USN-4609-1
Description:
 Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_fusiondirectory:
upstream_fusiondirectory: released (1.2.3-5)
precise/esm_fusiondirectory: DNE
trusty_fusiondirectory: ignored (out of standard support)
trusty/esm_fusiondirectory: DNE
xenial_fusiondirectory: ignored (end of standard support, was needs-triage)
bionic_fusiondirectory: needs-triage
disco_fusiondirectory: ignored (reached end-of-life)
eoan_fusiondirectory: not-affected (1.2.3-5)
focal_fusiondirectory: not-affected (1.2.3-5)
groovy_fusiondirectory: not-affected (1.2.3-5)
hirsute_fusiondirectory: not-affected (1.2.3-5)
impish_fusiondirectory: not-affected (1.2.3-5)
jammy_fusiondirectory: not-affected (1.2.3-5)
devel_fusiondirectory: not-affected (1.2.3-5)

Patches_gosa:
upstream_gosa: released (2.7.4+reloaded3-9)
precise/esm_gosa: DNE
trusty_gosa: ignored (out of standard support)
trusty/esm_gosa: DNE
xenial_gosa: released (2.7.4+reloaded2-9ubuntu1.1)
bionic_gosa: needs-triage
disco_gosa: ignored (reached end-of-life)
eoan_gosa: not-affected (2.7.4+reloaded3-9)
focal_gosa: not-affected (2.7.4+reloaded3-9)
groovy_gosa: not-affected (2.7.4+reloaded3-9)
hirsute_gosa: not-affected (2.7.4+reloaded3-9)
impish_gosa: not-affected (2.7.4+reloaded3-9)
jammy_gosa: not-affected (2.7.4+reloaded3-9)
devel_gosa: not-affected (2.7.4+reloaded3-9)