Lucene search
Veracode Vulnerability DatabaseVERACODE:27849HistoryNov 09, 2020 - 12:50 p.m.
LDAP Authentication Bypass
2020-11-0912:50:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.013 Low
EPSS
Percentile
86.1%
alerta is vulnerable to LDAP authentication bypass. An attacker is able to bypass LDAP authentication by providing an empty password when the server is configured to use LDAP as the authentication provider.
| CPE | Name | Operator | Version |
|---|---|---|---|
| alerta-server | le | 8.0.3 | |
| alerta-server | le | 7.5.6 |
References
github.com/advisories/GHSA-5hmm-x8q8-w5jh
github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65
github.com/alerta/alerta/issues/1277
github.com/alerta/alerta/pull/1345
github.com/alerta/alerta/security/advisories/GHSA-5hmm-x8q8-w5jh
pypi.org/project/alerta-server/8.1.0/
tools.ietf.org/html/rfc4513#section-5.1.2
Related
nuclei
nuclei
Alerta < 8.1.0 - Authentication Bypass
2020-11-07 10:47:02
prion
prion
Authentication flaw
2020-11-06 18:15:00
osv
osv
PYSEC-2020-159
2020-11-06 18:15:00
LDAP authentication bypass with empty password
2020-11-06 17:35:49
CVE-2020-26214
2020-11-06 18:15:12
nvd
nvd
CVE-2020-26214
2020-11-06 18:15:12
cve
cve
CVE-2020-26214
2020-11-06 18:15:12
github
github
LDAP authentication bypass with empty password
2020-11-06 17:35:49
cvelist
cvelist
CVE-2020-26214 LDAP authentication bypass in Alerta
2020-11-06 17:50:17