CVE-2019-14824
08.11.2019, 15:15
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | 389_directory_server | - |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| 389-ds-base |
| ||||
| 389-ds-base-debuginfo |
| ||||
| 389-ds-base-devel |
| ||||
| 389-ds-base-libs |
| ||||
| 389-ds-base-snmp |
|
Common Weakness Enumeration
References