Your submission was sent successfully! Close

CVE-2019-11187

Published: 15 August 2019

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
fusiondirectory
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Not vulnerable
(1.2.3-5)
focal Not vulnerable
(1.2.3-5)
groovy Not vulnerable
(1.2.3-5)
hirsute Not vulnerable
(1.2.3-5)
impish Not vulnerable
(1.2.3-5)
jammy Not vulnerable
(1.2.3-5)
precise Does not exist

trusty Does not exist

upstream
Released (1.2.3-5)
xenial Ignored
(end of standard support, was needs-triage)
gosa
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Not vulnerable
(2.7.4+reloaded3-9)
focal Not vulnerable
(2.7.4+reloaded3-9)
groovy Not vulnerable
(2.7.4+reloaded3-9)
hirsute Not vulnerable
(2.7.4+reloaded3-9)
impish Not vulnerable
(2.7.4+reloaded3-9)
jammy Not vulnerable
(2.7.4+reloaded3-9)
precise Does not exist

trusty Does not exist

upstream
Released (2.7.4+reloaded3-9)
xenial
Released (2.7.4+reloaded2-9ubuntu1.1)