Unrated severityNVD Advisory· Published Nov 8, 2019· Updated Feb 13, 2025

CVE-2019-14824

Description

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

Affected products

Unknown/389 Ds Basev5
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2019:3981mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2020:0464mitrevendor-advisoryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2019/11/msg00036.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2023/04/msg00026.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000