A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0 | Issue Tracking Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 04:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
02 Aug 2023, 17:18
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/ - Mailing List | |
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
26 Jul 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Mar 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Redhat directory Server Fedoraproject fedora Redhat |
|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:a:redhat:directory_server:12.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:redhat:directory_server:11.6:*:*:*:*:*:*:* cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:directory_server:11.5:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-295 | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0 - Issue Tracking, Vendor Advisory |
27 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-27 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-1055
Mitre link : CVE-2023-1055
CVE.ORG link : CVE-2023-1055
JSON object : View
Products Affected
redhat
- directory_server
fedoraproject
- fedora