It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password (CVE-2017-8028).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | spring-ldap | < 1.3.1-14.1 | spring-ldap-1.3.1-14.1.mga6 |