CVE-2019-14824

  • Published Date: Fri 08 Nov 2019
  • Last Modified Date: Wed 13 Nov 2019

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

Impact

Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Attack Vector (AV): NETWORK
Attack Complexity (AC): MEDIUM
Privileges Required (PR): SINGLE
Availability (A): NONE

References (Advisories, Solutions, and Tools):



Note: This page is generated by our securitybot and has not been checked for errors. Feed Source: NVD