Information Disclosure

2021-01-2302:17:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

389-ds-base is vulnerable to information disclosure. The vulnerability exist because the reply from 389-ds-base is different depending on whether the DN exist or not, thus an attacker is able to check the existence of an entry in the LDAP database.

CPENameOperatorVersion
389-ds-base:sideq1.4.4.8-1
389-ds-base:bullseyeeq1.4.4.8-1
389-ds-baseeq1.3.7.5__25.el7_5
389-ds-baseeq1.3.8.4__23.el7_6
389-ds-baseeq1.3.3.1__16.ael7b_1
389-ds-baseeq1.3.10.1__14.el7_8
389-ds-baseeq1.3.10.1__9.el7_8
389-ds-baseeq1.3.3.1__23.ael7b_1
389-ds-baseeq1.3.10.2__10.el7_9
389-ds-baseeq1.3.10.2__9.el7_9

Name	Operator	Version
389-ds-base:sid	eq	1.4.4.8-1
389-ds-base:bullseye	eq	1.4.4.8-1
389-ds-base	eq	1.3.7.5__25.el7_5
389-ds-base	eq	1.3.8.4__23.el7_6
389-ds-base	eq	1.3.3.1__16.ael7b_1
389-ds-base	eq	1.3.10.1__14.el7_8
389-ds-base	eq	1.3.10.1__9.el7_8
389-ds-base	eq	1.3.3.1__23.ael7b_1
389-ds-base	eq	1.3.10.2__10.el7_9
389-ds-base	eq	1.3.10.2__9.el7_9