Vulnerability Description
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | 389 Directory Server | - |
| Redhat | Enterprise Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:3981Vendor Advisory
- https://access.redhat.com/errata/RHSA-2020:0464Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824Issue TrackingVendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/11/msg00036.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
- https://access.redhat.com/errata/RHSA-2019:3981Vendor Advisory
- https://access.redhat.com/errata/RHSA-2020:0464Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824Issue TrackingVendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/11/msg00036.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
FAQ
What is CVE-2019-14824?
CVE-2019-14824 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view...
How severe is CVE-2019-14824?
CVE-2019-14824 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14824?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject 389 Directory Server, Redhat Enterprise Linux, Debian Debian Linux.