CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1055 – RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute
https://notcve.org/view.php?id=CVE-2023-1055
27 Feb 2023 — A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. A flaw was found in RHDS 11 and 12. • https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 2CVE-2022-2850 – 389-ds-base: SIGSEGV in sync_repl
https://notcve.org/view.php?id=CVE-2022-2850
14 Oct 2022 — A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. Se ha encontrado un fallo en 389-ds-base. • https://access.redhat.com/security/cve/CVE-2022-2850 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-1949
https://notcve.org/view.php?id=CVE-2022-1949
01 Jun 2022 — An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. Una vulnerabilidad de omisión de control de acceso encontrada en 389-ds... • https://bugzilla.redhat.com/show_bug.cgi?id=2091781 • CWE-639: Authorization Bypass Through User-Controlled Key •