4 matches found
CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...
CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...
CVE-2020-1958
Apache Druid 0.17.0 is affected by CVE-2020-1958, which allows an attacker using valid LDAP credentials to bypass the credentialsValidator.userSearch filter and proceed to authentication, while still being subjected to RBAC if configured. The issue also enables retrieval of LDAP attribute values ...
CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...