CVE-2019-14824
389-ds-base - security update
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.40%
Description
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
How to fix CVE-2019-14824
To remediate CVE-2019-14824, upgrade the affected package to a fixed version below.
- Debian/389-ds-base—upgrade to 1.4.2.4-1 or later
- —upgrade to 1.3.3.5-4+deb8u7 or later
Is CVE-2019-14824 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4.2.4-1
- from 0, < 1.3.3.5-4+deb8u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |