CVE-2019-10224
Published: 25 November 2019
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
Priority
Low
CVSS 3 base score: 4.6
Status
| Package | Release | Status |
|---|---|---|
|
389-ds-base Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.4.1.5-1)
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(1.4.1.5-1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1.4.1.5-1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
python-lib389 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|