alerta is vulnerable to LDAP authentication bypass. An attacker is able to bypass LDAP authentication by providing an empty password when the server is configured to use LDAP as the authentication provider.
CPE | Name | Operator | Version |
---|---|---|---|
alerta-server | le | 8.0.3 | |
alerta-server | le | 7.5.6 |
github.com/advisories/GHSA-5hmm-x8q8-w5jh
github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65
github.com/alerta/alerta/issues/1277
github.com/alerta/alerta/pull/1345
github.com/alerta/alerta/security/advisories/GHSA-5hmm-x8q8-w5jh
pypi.org/project/alerta-server/8.1.0/
tools.ietf.org/html/rfc4513#section-5.1.2