Information Disclosure Vulnerability in 389-ds-base from Red Hat
CVE-2019-10224

4.3MEDIUM

Key Information:

Vendor: Red Hat
Status: 389-ds-base
Vendor: CVE Published:; 25 November 2019

Summary

A security flaw exists in 389-ds-base versions prior to 1.4.1.3, which can cause sensitive information, including the Directory Manager password, to be exposed via commands run in verbose mode. If an attacker is capable of viewing a terminal session or capturing standard error output, they could potentially retrieve this sensitive data, leading to unauthorized access or compromise.

Affected Version(s)

389-ds-base 389-ds-base 1.4.x.x before 1.4.1.3

References

https://pagure.io/389-ds-base/issue/50251

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224

https://lists.debian.org/debian-lts-announce/2023/04/msg0...

mailing-list

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2019
Vulnerability Reserved
Mar 27, 2019