CVE-2022-1949
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.
Una vulnerabilidad de omisión de control de acceso encontrada en 389-ds-base. Ese manejo inapropiado del filtro que daría resultados incorrectos, pero a medida que ha avanzado, puede determinarse que en realidad es una omisión de control de acceso. Esto puede permitir a cualquier usuario remoto no autenticado emitir un filtro que permita buscar elementos de la base de datos a los que no presenta acceso, incluyendo pero no limitándose a los hashes de userPassword y otros datos confidenciales
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-31 CVE Reserved
- 2022-06-01 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2091781 | 2023-08-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Port389 Search vendor "Port389" | 389-ds-base Search vendor "Port389" for product "389-ds-base" | >= 1.3.0.0 <= 2.0.0 Search vendor "Port389" for product "389-ds-base" and version " >= 1.3.0.0 <= 2.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Directory Server Search vendor "Redhat" for product "Directory Server" | 11.0 Search vendor "Redhat" for product "Directory Server" and version "11.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Directory Server Search vendor "Redhat" for product "Directory Server" | 12.0 Search vendor "Redhat" for product "Directory Server" and version "12.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||