PT-2019-4149 · Openldap +3

Published 2019-07-26 · Updated 2025-01-13 · CVE-2019-13057

CVSS v2.0: 6.3 (Medium)
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.4.48
Description: slapd in OpenLDAP before 2.4.48 does not stop the rootDN of one database from requesting authorization as an identity that belongs to a different database on the same server, either as the authzid of a SASL bind or through the proxyAuthz control (RFC 4370). A rootDN that was delegated for a single database can therefore act under an identity from another database and read data it was never meant to see, which defeats the database isolation expected in multi-tenant deployments where the server administrator and per-database administrators are trusted differently.
Recommendations: Update to OpenLDAP 2.4.48 or later, which confines a rootDN's proxied authorization to identities within its own database. Until the update is applied, do not delegate per-database rootDN privileges to administrators who must stay isolated from other databases: a rootDN is exempt from the authz-policy check, so restricting proxied authorization by policy does not constrain it. Grant such administrators full rights on their database through access control (the manage privilege) instead, keep authz-policy at none unless proxied authorization is required, and disable the proxyAuthz control with the disallow proxy_authz directive where it is not needed.
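The following slapd.conf fragment is an added, constructed example (not configuration from the advisory or from the OpenLDAP project) of the workaround described above for a two-tenant server. The DNs, paths and password placeholders are assumptions. The weak pattern, handing each tenant's own administrator the rootdn of its database, is shown only in a comment; the active configuration keeps the rootdn with the server operator and gives the tenant administrator full rights through an ACL, so that administrator remains an ordinary identity whose proxied-authorization attempts are refused by authz-policy none and by disallow proxy_authz.

```conf
# Constructed multi-tenant slapd.conf example (not from the advisory).
# Two tenant databases share one slapd. The server operator holds the
# rootDN of each database; tenant administrators are ordinary entries
# granted the "manage" privilege via ACL, so they stay subject to the
# proxied-authorization policy that a rootDN bypasses.

include         /etc/openldap/schema/core.schema
pidfile         /var/run/slapd/slapd.pid

# Server-wide: refuse every proxied authorization request (this is also
# the default) and reject the proxyAuthz control outright.
authz-policy    none
disallow        proxy_authz

# --- Tenant A ---------------------------------------------------------
database        mdb
suffix          "dc=tenant-a,dc=example"
directory       /var/lib/ldap/tenant-a
# Held by the server operator only. Before 2.4.48 this identity could
# authorize as any DN on the server, including entries under tenant B.
rootdn          "cn=admin,dc=tenant-a,dc=example"
rootpw          {SSHA}REPLACE-WITH-SLAPPASSWD-OUTPUT
# WEAK alternative (the situation the advisory describes): making the
# tenant's own administrator the rootDN, e.g.
#   rootdn "cn=tenant-admin,dc=tenant-a,dc=example"
# Instead, give that entry full rights on this database through ACLs:
access to *
        by dn.exact="cn=tenant-admin,dc=tenant-a,dc=example" manage
        by anonymous auth
        by * none

# --- Tenant B ---------------------------------------------------------
database        mdb
suffix          "dc=tenant-b,dc=example"
directory       /var/lib/ldap/tenant-b
rootdn          "cn=admin,dc=tenant-b,dc=example"
rootpw          {SSHA}REPLACE-WITH-SLAPPASSWD-OUTPUT
access to *
        by dn.exact="cn=tenant-admin,dc=tenant-b,dc=example" manage
        by anonymous auth
        by * none
```

To check the boundary after loading this configuration, bind as the tenant A administrator and ask to be authorized as a tenant B identity, for example with ldapwhoami -x -D "cn=tenant-admin,dc=tenant-a,dc=example" -W -e '!authzid=dn:cn=someone,dc=tenant-b,dc=example'. The request must be rejected; a server that answers with the tenant B DN is not isolating its databases. Running the same check as a per-database rootDN against a server older than 2.4.48 succeeds, which is the behaviour this advisory covers.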

Weakness Enumeration

Improper Authentication (CWE-287)

Related Identifiers

ALT-PU-2019-2556
ALT-PU-2019-2568
BDU:2019-04729
CVE-2019-13057
DLA-1891-1
MGASA-2019-0280
OPENSUSE-SU-2019:2157-1
OPENSUSE-SU-2019:2176-1
OPENSUSE-SU-2024:11121-1
ROSA-SA-2025-2550
SUSE-SU-2019:2390-1
SUSE-SU-2019:2395-1
SUSE-SU-2020:1210-1
SUSE-SU-2020:14353-1
USN-4078-1
USN-4078-2

Affected Products

Alt Linux
Openldap
Suse
Ubuntu