CVE-2020-35518
published 2021-03-26CVE-2020-35518: When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | 389-ds-base | < 389-ds-base 1.4.4.10-1 (bookworm) | 389-ds-base 1.4.4.10-1 (bookworm) |
| port389 | 389-ds-base | >= 0 < 1.4.4.10-1 | 1.4.4.10-1 |
| port389 | 389-ds-base | >= 0 < 1.4.4.10-1 | 1.4.4.10-1 |
| port389 | 389-ds-base | >= 0 < 1.4.4.10-1 | 1.4.4.10-1 |
| port389 | 389-ds-base | >= 0 < 1.3.4.9-1ubuntu0.1~esm1 | 1.3.4.9-1ubuntu0.1~esm1 |
| port389 | 389-ds-base | >= 0 < 1.3.7.10-1ubuntu1+esm1 | 1.3.7.10-1ubuntu1+esm1 |
| port389 | 389-ds-base | >= 0 < 1.4.3.6-2ubuntu0.1~esm1 | 1.4.3.6-2ubuntu0.1~esm1 |
| redhat | 389_directory_server | < 1.4.3.19 | 1.4.3.19 |
| redhat | 389_directory_server | >= 1.4.4.0 < 1.4.4.13 | 1.4.4.13 |
| redhat | 389_directory_server | >= 2.0.0 < 2.0.3 | 2.0.3 |
| redhat | directory_server | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM