Information Disclosure Vulnerability in 389-ds-base from Red Hat
CVE-2019-10224

4.3MEDIUM

Key Information:

Vendor

Red Hat
Status
389-ds-base
Vendor
CVE Published:
25 November 2019

What is CVE-2019-10224?

A security flaw exists in 389-ds-base versions prior to 1.4.1.3, which can cause sensitive information, including the Directory Manager password, to be exposed via commands run in verbose mode. If an attacker is capable of viewing a terminal session or capturing standard error output, they could potentially retrieve this sensitive data, leading to unauthorized access or compromise.

Affected Version(s)

389-ds-base 389-ds-base 1.4.x.x before 1.4.1.3

References

https://pagure.io/389-ds-base/issue/50251
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224
https://lists.debian.org/debian-lts-announce/2023/04/msg0...
mailing-list

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.