CVE-2013-2219

EUVD-2013-2172
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
fedoraproject389_directory_server
-
redhatdirectory_server
𝑥
≤ 8.2
redhatdirectory_server
7.1
redhatdirectory_server
8.0
redhatdirectory_server
8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bookworm
2.3.1+dfsg1-1
fixed
bullseye
1.4.4.11-2
fixed
sid
3.1.1+dfsg1-2
fixed
trixie
3.1.1+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
lucid
dne
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2013-1116.html
http://rhn.redhat.com/errata/RHSA-2013-1119.html
https://bugzilla.redhat.com/show_bug.cgi?id=979508
http://rhn.redhat.com/errata/RHSA-2013-1116.html
http://rhn.redhat.com/errata/RHSA-2013-1119.html
https://bugzilla.redhat.com/show_bug.cgi?id=979508