CVE-2019-11187
Published: 15 August 2019
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
Priority
Low
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
fusiondirectory Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.2.3-5)
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(1.2.3-5)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1.2.3-5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
gosa Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.7.4+reloaded3-9)
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(2.7.4+reloaded3-9)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(2.7.4+reloaded3-9)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.7.4+reloaded2-9ubuntu1.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|