CVE-2014-8105 — Sensitive Information Exposure in 389 Directory Server

CWE-200 — Sensitive Information Exposure CWE-862 — Missing Authorization8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Port389 389-ds-base Fedoraproject 389 Directory Server Fedoraproject Fedora

Timeline

PublishedMar 10

Latest updateMay 17

Description

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDfedoraproject/389_directory_server1.3.2.26+5

▶Debianport389/389-ds-base< 1.3.3.5-4+2

Also affects: Fedora 22

🔴Vulnerability Details

GHSA

GHSA-vgvq-9gqr-48c9: 389 Directory Server before 1↗2022-05-17

▶

CVEList

CVE-2014-8105: 389 Directory Server before 1↗2015-03-10

▶

OSV

CVE-2014-8105: 389 Directory Server before 1↗2015-03-10

▶

📋Vendor Advisories

Red Hat

389-ds-base: information disclosure through 'cn=changelog' subtree↗2015-03-05

▶

Debian

CVE-2014-8105: 389-ds-base - 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properl...↗2014

▶

💬Community

Bugzilla

CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]↗2015-03-07

▶

Bugzilla

CVE-2014-8105 389-ds-base: information disclosure through 'cn=changelog' subtree↗2014-11-25

▶