CVE-2019-10224
389-ds-base: using dscreate in verbose mode results in information disclosure
Descriptions
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
SSVC
- Decision: -
Timeline
- 2019-03-27 CVE Reserved
- 2019-11-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-522: Insufficiently Protected Credentials
References (5)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html | Mailing List | |
https://pagure.io/389-ds-base/issue/50251 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-10224 | 2019-11-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1677147 | 2019-11-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fedoraproject | 389 Directory Server | >= 1.4.0.0 < 1.4.1.3 | - | Affected |