CVE-2019-14824

Published: 08 November 2019

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: 389-ds-base

Release                            Status
Upstream                           Released (1.4.2.4-1, 1.3.3.5-4+deb8u7)
Ubuntu 20.10 (Groovy Gorilla)      Not vulnerable (1.4.2.4-1)
Ubuntu 20.04 LTS (Focal Fossa)     Not vulnerable (1.4.2.4-1)
Ubuntu 18.04 LTS (Bionic Beaver)   Needed
Ubuntu 16.04 LTS (Xenial Xerus)    Needed
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist