rpm package
opensuse/owasp-modsecurity-crs&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/owasp-modsecurity-crs&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5003 | — | < 4.10.0-1.1 | 4.10.0-1.1 | Oct 16, 2023 | The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do | ||
| CVE-2021-40438 | — | KEV | < 4.9.0-1.1 | 4.9.0-1.1 | Sep 16, 2021 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
- CVE-2023-5003Oct 16, 2023affected < 4.10.0-1.1fixed 4.10.0-1.1
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do
- affected < 4.9.0-1.1fixed 4.9.0-1.1
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.