Authentication Bypass Vulnerability in 389-ds-base Deref Plugin by Red Hat
CVE-2019-14824

6.5MEDIUM

Key Information:

Vendor: [unknown]
Status: 389-ds-base
Vendor: CVE Published:; 8 November 2019

🔔 Create [unknown] Vulnerability Alert

What is CVE-2019-14824?

A flaw in the deref plugin of the 389-ds-base product allows an authenticated attacker to leverage search permissions to view sensitive attribute values. This includes private data, such as password hashes, in certain configurations, posing a security risk by potentially exposing confidential information.

Affected Version(s)

389-ds-base

References

https://access.redhat.com/errata/RHSA-2019:3981

vendor-advisoryx_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2019/11/msg0...

mailing-listx_refsource_MLIST

https://access.redhat.com/errata/RHSA-2020:0464

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2019
Vulnerability Reserved
Aug 10, 2019

CVE-2019-14824 Data

.