Back to search
CVE-2022-1949
Published: Jun 1, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.
| Vendor | Product | Versions |
|---|---|---|
n/a | 389-ds-base | affected 389-ds-base-2.0 |
References
https://bugzilla.redhat.com/show_bug.cgi?id=2091781
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now