Lucene search
K

4 matches found

OSV
OSV
added 2020/04/01 10:15 p.m.12 views

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...

6.5CVSS6.5AI score
Exploits0References8
NVD
NVD
added 2020/04/01 10:15 p.m.17 views

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...

6.5CVSS6.4AI score0.04565EPSS
Exploits0References8
CVE
CVE
added 2020/04/01 9:48 p.m.93 views

CVE-2020-1958

Apache Druid 0.17.0 is affected by CVE-2020-1958, which allows an attacker using valid LDAP credentials to bypass the credentialsValidator.userSearch filter and proceed to authentication, while still being subjected to RBAC if configured. The issue also enables retrieval of LDAP attribute values ...

6.5CVSS6.3AI score0.04565EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2020/04/01 9:48 p.m.19 views

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...

6.4AI score0.04565EPSS
Exploits0References8
Rows per page
Query Builder