CVE-2019-14824
Published: 8 November 2019
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Priority
Status
Package | Release | Status |
---|---|---|
389-ds-base (Launchpad, Ubuntu, Debian) | bionic | Needed |
389-ds-base | disco | Ignored (end of life) |
389-ds-base | eoan | Ignored (end of life) |
389-ds-base | focal | Not vulnerable (1.4.2.4-1) |
389-ds-base | trusty | Does not exist |
389-ds-base | upstream | Released (1.4.2.4-1, 1.3.3.5-4+deb8u7) |
389-ds-base | xenial | Needed |
389-ds-base | impish | Not vulnerable (1.4.2.4-1) |
389-ds-base | groovy | Not vulnerable (1.4.2.4-1) |
389-ds-base | hirsute | Not vulnerable (1.4.2.4-1) |
389-ds-base | jammy | Not vulnerable (1.4.2.4-1) |
389-ds-base | kinetic | Not vulnerable (1.4.2.4-1) |
389-ds-base | lunar | Not vulnerable (1.4.2.4-1) |
389-ds-base | mantic | Not vulnerable (1.4.2.4-1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |