5.5

CVE-2023-1055

EPSS 0.05%
Published 27.02.2023 22:15:09
Last modified 21.11.2024 07:38:22
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

Affected products Warnungen 0 Metrics 2 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Directory Server Version11.5

Redhat ≫ Directory Server Version11.6

Redhat ≫ Directory Server Version12.0

Redhat ≫ Directory Server Version12.1

Fedoraproject ≫ Fedora Version36

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.105

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0

Vendor Advisory

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/

https://nvd.nist.gov/vuln/detail/CVE-2023-1055

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1055

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1055

EUVD