Vulnerability Description
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | 389 Directory Server | >= 1.4.0.0, < 1.4.1.3 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
- https://pagure.io/389-ds-base/issue/50251Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
- https://pagure.io/389-ds-base/issue/50251Third Party Advisory
FAQ
What is CVE-2019-10224?
CVE-2019-10224 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager p...
How severe is CVE-2019-10224?
CVE-2019-10224 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10224?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject 389 Directory Server.