CVE-2019-14824 — Incorrect Permission Assignment in Linux

CWE-732 — Incorrect Permission Assignment8 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 58.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Port389 389-ds-baseDebian LinuxRedhat Enterprise Linux
Timeline
PublishedNov 8
Latest updateMay 24

Description

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

â–¶Debianport389/389-ds-base< 1.4.2.4-1+2

Also affects: Debian Linux 8.0, Enterprise Linux 7.0

🔴Vulnerability Details

3
GHSA
GHSA-8wxh-5wv6-x378: A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values↗2022-05-24
â–¶
OSV
CVE-2019-14824: A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values↗2019-11-08
â–¶
CVEList
CVE-2019-14824: A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values↗2019-11-08
â–¶

📋Vendor Advisories

2
Red Hat
389-ds-base: Read permission check bypass via the deref plugin↗2019-11-04
â–¶
Debian
CVE-2019-14824: 389-ds-base - A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'se...↗2019
â–¶

💬Community

2
Bugzilla
CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin [fedora-all]↗2019-11-04
â–¶
Bugzilla
CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin↗2019-08-30
â–¶
CVE-2019-14824 — Incorrect Permission Assignment | cvebase