CVE-2019-10224

4.3MEDIUM

Key Information:

Vendor: Red Hat
Status: 389-ds-base
Vendor: CVE Published:; 25 November 2019

Summary

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Affected Version(s)

389-ds-base 389-ds-base 1.4.x.x before 1.4.1.3

References

https://pagure.io/389-ds-base/issue/50251

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224

https://lists.debian.org/debian-lts-announce/2023/04/msg0...

mailing-list

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2019
Vulnerability Reserved
Mar 27, 2019