CVE-2020-35518

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-35518
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35518.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35518
Related
Published
2021-03-26T17:15:12Z
Modified
2025-04-12T04:49:21.157216Z
Downstream
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

References

Affected packages

Debian:11 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.4.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.4.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.4.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/389ds/389-ds-base

Affected ranges

Type
GIT
Repo
https://github.com/389ds/389-ds-base
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
Fixed
b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
Fixed
cc0f69283abc082488824702dae485b8eae938bc
Fixed
cc0f69283abc082488824702dae485b8eae938bc

Affected versions

389-ds-base-1.*

389-ds-base-1.2.10.a1
389-ds-base-1.2.10.a2
389-ds-base-1.2.10.a3
389-ds-base-1.2.10.a4
389-ds-base-1.2.10.a5
389-ds-base-1.2.10.a6
389-ds-base-1.2.10.a7
389-ds-base-1.2.10.a8
389-ds-base-1.2.10.rc1
389-ds-base-1.2.11.a1
389-ds-base-1.2.3
389-ds-base-1.2.4
389-ds-base-1.2.5.a1
389-ds-base-1.2.5.rc1
389-ds-base-1.2.5.rc2
389-ds-base-1.2.5.rc3
389-ds-base-1.2.5.rc4
389-ds-base-1.2.6.a1
389-ds-base-1.2.6.a2
389-ds-base-1.2.6.a3
389-ds-base-1.2.6.a4
389-ds-base-1.2.6.rc1
389-ds-base-1.2.6.rc2
389-ds-base-1.2.6.rc3
389-ds-base-1.2.7
389-ds-base-1.2.7.1
389-ds-base-1.2.7.2
389-ds-base-1.2.7.3
389-ds-base-1.2.7.4
389-ds-base-1.2.7.a1
389-ds-base-1.2.7.a2
389-ds-base-1.2.7.a3
389-ds-base-1.2.7.a4
389-ds-base-1.2.7.a5
389-ds-base-1.2.8.a1
389-ds-base-1.2.8.a2
389-ds-base-1.2.9.0
389-ds-base-1.2.9.1
389-ds-base-1.2.9.2
389-ds-base-1.2.9.3
389-ds-base-1.2.9.4
389-ds-base-1.2.9.5
389-ds-base-1.2.9.a1
389-ds-base-1.2.9.a2
389-ds-base-1.3.0.a1
389-ds-base-1.3.0.rc1
389-ds-base-1.3.5.0
389-ds-base-1.3.5.1
389-ds-base-1.3.5.10
389-ds-base-1.3.5.11
389-ds-base-1.3.5.12
389-ds-base-1.3.5.13
389-ds-base-1.3.5.2
389-ds-base-1.3.5.3
389-ds-base-1.3.5.4
389-ds-base-1.3.5.5
389-ds-base-1.3.5.6
389-ds-base-1.3.5.7
389-ds-base-1.3.5.8
389-ds-base-1.3.5.9
389-ds-base-1.3.6.0
389-ds-base-1.3.6.1
389-ds-base-1.3.6.2
389-ds-base-1.3.6.3
389-ds-base-1.3.6.4
389-ds-base-1.3.7.0
389-ds-base-1.3.7.2
389-ds-base-1.3.7.3
389-ds-base-1.3.7.4
389-ds-base-1.4.0.0
389-ds-base-1.4.0.1
389-ds-base-1.4.0.10
389-ds-base-1.4.0.11
389-ds-base-1.4.0.12
389-ds-base-1.4.0.13
389-ds-base-1.4.0.14
389-ds-base-1.4.0.15
389-ds-base-1.4.0.16
389-ds-base-1.4.0.17
389-ds-base-1.4.0.18
389-ds-base-1.4.0.19
389-ds-base-1.4.0.2
389-ds-base-1.4.0.20
389-ds-base-1.4.0.3
389-ds-base-1.4.0.4
389-ds-base-1.4.0.5
389-ds-base-1.4.0.6
389-ds-base-1.4.0.7
389-ds-base-1.4.0.8
389-ds-base-1.4.0.9
389-ds-base-1.4.1.0
389-ds-base-1.4.1.1
389-ds-base-1.4.1.2
389-ds-base-1.4.1.3
389-ds-base-1.4.1.4
389-ds-base-1.4.1.5
389-ds-base-1.4.1.6
389-ds-base-1.4.2.1
389-ds-base-1.4.2.2
389-ds-base-1.4.2.3
389-ds-base-1.4.2.4
389-ds-base-1.4.2.5
389-ds-base-1.4.3.1
389-ds-base-1.4.3.2
389-ds-base-1.4.3.3
389-ds-base-1.4.3.4
389-ds-base-1.4.3.5
389-ds-base-1.4.4.0
389-ds-base-1.4.4.1
389-ds-base-1.4.4.2
389-ds-base-1.4.4.3
389-ds-base-1.4.4.4
389-ds-base-1.4.4.5
389-ds-base-1.4.5.0

389-ds-base-2.*

389-ds-base-2.0.0
389-ds-base-2.0.0.0
389-ds-base-2.0.1
389-ds-base-2.0.2

Other

Directory_Server_8_1_Candidate_20090324
FedoraDirSvr10
FedoraDirSvr110a1
FedoraDirSvr110a2
FedoraDirSvr110a3
FedoraDirSvr110a3_20070320
FedoraDirSvr110a4
FedoraDirSvr110a4_20070720
FedoraDirSvr110b1
FedoraDirSvr110b1_20070813
FedoraDirSvr110b1_20070816
FedoraDirSvr110b2
FedoraDirSvr110b2_20071107
FedoraDirSvr111
FedoraDirSvr111_20080530
FedoraDirSvr_1_1_2
FedoraDirSvr_1_1_2_20080904
FedoraDirSvr_1_1_2_RC
FedoraDirSvr_1_1_2_RC2
FedoraDirSvr_1_1_2_RC_20080828
FedoraDirSvr_1_1_3_20080923
FedoraDirSvr_20051103_RTC
before-merge-nunc-stans
ldapserver7x