Lucene search

Veracode Vulnerability DatabaseVERACODE:39655

HistoryMar 11, 2023 - 2:01 p.m.

Information Disclosure

2023-03-1114:01:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

389-ds-base is vulnerable to Information Disclosure. The mishandling of a filter may lead to an access control bypass, allowing remote unauthenticated users to search for database items they do not have access to, such as userPassword hashes and other sensitive data.

CPENameOperatorVersion
389-ds-base:sideq1.4.4.16-1
389-ds-base:sideq1.4.4.8-1
389-ds-base:sideq1.4.4.16-1
389-ds-base:sideq1.4.4.8-1

Name	Operator	Version
389-ds-base:sid	eq	1.4.4.16-1
389-ds-base:sid	eq	1.4.4.8-1
389-ds-base:sid	eq	1.4.4.16-1
389-ds-base:sid	eq	1.4.4.8-1

References

bugzilla.redhat.com/show_bug.cgi?id=2091781

security-tracker.debian.org/tracker/CVE-2022-1949

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for VERACODE:39655