Ben Grinberg

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.

**Name of the Vulnerable Software and Affected Versions** Jenkins LDAP Plugin versions prior to 807.v7d7de30930cf **Description** The plugin deserializes data from LDAP referrals without proper validation. Deserialization is the process of converting a data stream back into an object, which, when performed on untrusted data without validation, can lead to security compromises. **Recommendations** Update to a version later than 807.v7d7de30930cf.

**Name of the Vulnerable Software and Affected Versions** DataHub versions prior to 1.3.1.8 **Description** DataHub, an open-source metadata platform, has an issue in its LDAP ingestion source. Specifically, versions before 1.3.1.8 are susceptible to a man-in-the-middle (MITM) attack due to a TLS downgrade. This allows an attacker to intercept and potentially modify communications between the DataHub platform and the LDAP server. **Recommendations** Update to DataHub version 1.3.1.8 or later.

**GNU inetutils telnetd versions prior to 2.8** **Description** A buffer overflow exists in the LINEMODE SLC (Set Local Characters) suboption handler of the telnetd daemon. The issue occurs because the `add slc()` function does not verify if the buffer is full before copying data, leading to an out-of-bounds write. An unauthenticated remote attacker can exploit this by sending a specially crafted packet during the initial connection handshake via port 23, potentially achieving remote code execution with root privileges. Approximately 50,000 internet-exposed assets have been identified as potentially affected. **Recommendations** Disable the telnetd service immediately and replace it with SSH. Block all external access to TCP port 23 at the network perimeter and host-based firewalls.