PT-2019-6232 · Red Hat+3 · 389-Ds-Base+4

Published 2019-11-05 · Updated 2024-06-15 · CVE-2019-14824

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

389-ds-base (affected versions not specified)

Description

The issue is related to the 'deref' plugin of the 389 Directory Server, where it incorrectly assigns permissions for a critical resource. This allows a remote attacker to access confidential data. In some configurations, an authenticated attacker could view private attributes, such as password hashes, by using the 'search' permission.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission


Weakness Enumeration

Related identifiers

ALT-PU-2019-3142
ALT-PU-2019-3188
BDU:2022-05827
CESA-2019_3401
CESA-2019_3981
CVE-2019-14824
DLA-2004-1
DLA-3399-1
MGASA-2019-0411
OPENSUSE-SU-2024:10593-1
RHSA-2019:3401
RHSA-2019:3981
RHSA-2019_3401
RHSA-2019_3981
RHSA-2020:0464

Affected products

389-Ds-Base
Alt Linux
Astra Linux
Centos
Red Hat