QwikSec

Security Database

CVE

CWE

Training

CVE-2015-10027

Published: Jan 7, 2023

Modified: Aug 6, 2024

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.

Vendor	Product	Versions
hydrian	TTRSS-Auth-LDAP	affected `n/a`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://vuldb.com/?id.217622

vdb-entry

technical-description

https://vuldb.com/?ctiid.217622

signature

permissions-required

https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14

issue-tracking

https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8

patch

https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.