Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10224

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Published

2019-11-25T16:15:13.440

Last Modified

2024-11-21T04:18:41.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-522
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fedoraproject	389_directory_server	< 1.4.1.3	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 Issue Tracking, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html ([email protected])
https://pagure.io/389-ds-base/issue/50251 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html (af854a3a-2127-422b-91ae-364da2661108)
https://pagure.io/389-ds-base/issue/50251 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)