5.5

CVE-2023-1055

EPSS 0.05%
Veröffentlicht 27.02.2023 22:15:09
Zuletzt bearbeitet 21.11.2024 07:38:22
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Directory Server Version11.5

Redhat ≫ Directory Server Version11.6

Redhat ≫ Directory Server Version12.0

Redhat ≫ Directory Server Version12.1

Fedoraproject ≫ Fedora Version36

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.105

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0

Vendor Advisory

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/

https://nvd.nist.gov/vuln/detail/CVE-2023-1055

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1055

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1055

EUVD