CVE-2020-35518
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.80%
Description
When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this difference to check whether an entry exists in the LDAP database.
How to fix CVE-2020-35518
To remediate CVE-2020-35518, upgrade the affected package to the fixed version listed below.
- Debian/389-ds-base: upgrade to 1.4.4.10-1 or later
Is CVE-2020-35518 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.4.4.10-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |