CVE-2019-14824
Description
A flaw was found in the deref plugin of 389-ds-base where it could use the search permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.194
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:3981) 389-ds-base security and bug fix update 389-ds-base-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:3981) 389-ds-base security and bug fix update 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:3981) 389-ds-base security and bug fix update 389-ds-base-libs-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:3981) 389-ds-base security and bug fix update 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update 389-ds-base-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update 389-ds-base-debugsource-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update 389-ds-base-devel-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update 389-ds-base-legacy-tools-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update 389-ds-base-libs-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update 389-ds-base-snmp-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64.rpm | Linux |
| (RHSA-2019:3401) 389-ds:1.4 security, bug fix, and enhancement update python3-lib389-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.noarch.rpm | Linux |
| 389-ds-base update (ELSA-2019-3981) 389-ds-base-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| 389-ds-base-devel update (ELSA-2019-3981) 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| 389-ds-base-libs update (ELSA-2019-3981) 389-ds-base-libs-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
| 389-ds-base-snmp update (ELSA-2019-3981) 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234