PT-2019-6232 · Red Hat+3 · 389-Ds-Base+4

Published: 2019-11-05 · Updated: 2024-06-15 · CVE-2019-14824

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

389-ds-base (affected versions not specified)

Description

The issue is related to the 'deref' plugin of the 389 Directory Server, where it incorrectly assigns permissions for a critical resource. This allows a remote attacker to access confidential data. In some configurations, an authenticated attacker could view private attributes, such as password hashes, by using the 'search' permission.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3142
ALT-PU-2019-3188
BDU:2022-05827
CESA-2019_3401
CESA-2019_3981
CVE-2019-14824
DLA-2004-1
DLA-3399-1
MGASA-2019-0411
OPENSUSE-SU-2024:10593-1
RHSA-2019:3401
RHSA-2019:3981
RHSA-2019_3401
RHSA-2019_3981
RHSA-2020:0464

Affected Products

389-Ds-Base
Alt Linux
Astra Linux
CentOS
Red Hat