CVE-2019-13057 — Sensitive Information Exposure in Openldap

CWE-200 — Sensitive Information Exposure13 documents9 sources

Severity

4.9MEDIUMNVD

EPSS

0.6%

top 31.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Apple MAC OS X Mcafee Policy Auditor +6 more

Timeline

PublishedJul 26

Latest updateMay 24

Description

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administra…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages9 packages

▶NVDopenldap/openldap< 2.4.48

▶Debianopenldap/openldap< 2.4.48+dfsg-1+3

▶Ubuntuopenldap/openldap< 2.4.42+dfsg-2ubuntu3.6+2

▶NVDapple/mac_os_x10.13 — 10.13.6+4

▶NVDmcafee/policy_auditor< 6.5.1+1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-5x95-66xj-7chm: An issue was discovered in the server in OpenLDAP before 2↗2022-05-24

▶

OSV

openldap vulnerabilities↗2019-08-19

▶

OSV

openldap vulnerabilities↗2019-07-30

▶

OSV

CVE-2019-13057: An issue was discovered in the server in OpenLDAP before 2↗2019-07-26

▶

CVEList

CVE-2019-13057: An issue was discovered in the server in OpenLDAP before 2↗2019-07-26

▶

📋Vendor Advisories

Apple

CVE-2019-13057: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra↗2019-12-10

▶

Ubuntu

OpenLDAP vulnerabilities↗2019-08-19

▶

Ubuntu

OpenLDAP vulnerabilities↗2019-07-30

▶

Red Hat

openldap: Information disclosure issue in slapd component↗2019-07-25

▶

Debian

CVE-2019-13057: openldap - An issue was discovered in the server in OpenLDAP before 2.4.48. When the server...↗2019

▶

💬Community

Bugzilla

CVE-2019-13057 openldap: Information disclosure issue in slapd component [fedora-all]↗2019-07-31

▶

Bugzilla

CVE-2019-13057 openldap: Information disclosure issue in slapd component↗2019-07-16

▶