CVE-2019-14824

Debian Bug report logs - #944150 389-ds-base: CVE-2019-14824: Read permission check bypass via the deref plugin Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 5 Nov 2019 06:24 ...

Synopsis Important: 389-ds-base security and bug fix update Type/Severity Security Advisory: Important Topic An update for 389-ds-base is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...

Synopsis Important: 389-ds:14 security update Type/Severity Security Advisory: Important Topic An update for the 389-ds:14 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A C ...

Synopsis Important: 389-ds:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for the 389-ds:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes (CVE-2019-14824) ...

389-ds-base before versions 1385, 14012 is vulnerable to a Cleartext Storage of Sensitive Information By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files An attacker with sufficiently high privileges, such as root or Directory Manager, c ...