Lucene search
PRIOn knowledge basePRION:CVE-2023-1055HistoryFeb 27, 2023 - 10:15 p.m.
Cross site request forgery (csrf)
2023-02-2722:15:00
PRIOn knowledge base
www.prio-n.com
5
cross site request forgery
ldap security
sensitive information leak
local account access
data confidentiality
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 36 | |
| fedora | eq | 37 | |
| fedora | eq | 38 | |
| directory_server | eq | 12.0 | |
| directory_server | eq | 12.1 | |
| directory_server | eq | 11.5 | |
| directory_server | eq | 11.6 |
Related
nessus
nessus
RHEL 9 : redhat-ds:12 (RHSA-2023:3489)
2024-04-28 00:00:00
Fedora 38 : 389-ds-base (2023-c92be0dfa0)
2023-07-26 00:00:00
RHEL 8 : redhat-ds:11 (RHSA-2023:4655)
2024-04-28 00:00:00
debiancve
debiancve
CVE-2023-1055
2023-02-27 22:15:09
redhatcve
redhatcve
CVE-2023-1055
2023-02-27 10:59:31
cve
cve
CVE-2023-1055
2023-02-27 22:15:09
nvd
nvd
CVE-2023-1055
2023-02-27 22:15:09
redhat
redhat
fedora
fedora
[SECURITY] Fedora 38 Update: 389-ds-base-2.3.5-1.fc38
2023-07-26 00:35:39
cvelist
cvelist
CVE-2023-1055
2023-02-27 00:00:00
veracode
veracode
Information Exposure
2024-01-13 05:37:51
openvas
openvas
Fedora: Security Advisory for 389-ds-base (FEDORA-2023-c92be0dfa0)
2023-07-26 00:00:00
ubuntucve
ubuntucve
CVE-2023-1055
2023-02-27 00:00:00