2.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:S/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.8%
Howard Chu reports:
An ACL of the form ‘access to dn.subtree=“ou=groups,
dc=example,dc=com” attr=member by * selfwrite’ is intended
to only allow users to add/delete their own DN to the
target attribute. Currently it allows any DNs to be
modified.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | openldap-server | < 2.3.25 | UNKNOWN |
FreeBSD | any | noarch | openldap-sasl-server | < 2.3.25 | UNKNOWN |