Published: 25/11/2019 Updated: 24/04/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.6 | Impact Score: 3.6 | Exploitability Score: 0.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

A flaw has been found in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject 389 directory server

Synopsis Important: 389-ds:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for the 389-ds:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...

389-ds-base before versions 1385, 14012 is vulnerable to a Cleartext Storage of Sensitive Information By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files An attacker with sufficiently high privileges, such as root or Directory Manager, c ...

CWE-200 https://pagure.io/389-ds-base/issue/50251 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html https://access.redhat.com/errata/RHSA-2019:3401 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2020-1334.html

CVE-2019-10224

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect