CVE-2020-35518

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-35518
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35518.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35518
Published
2021-03-26T17:15:12Z
Modified
2024-12-09T16:50:54.238077Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this difference to check whether an entry exists in the LDAP database.

Affected packages

Debian:11 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.4.4.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.4.4.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/389ds/389-ds-base

Affected ranges

Type
GIT
Repo
https://github.com/389ds/389-ds-base
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

389-ds-base-1.*

389-ds-base-1.2.10.a1
389-ds-base-1.2.10.a2
389-ds-base-1.2.10.a3
389-ds-base-1.2.10.a4
389-ds-base-1.2.10.a5
389-ds-base-1.2.10.a6
389-ds-base-1.2.10.a7
389-ds-base-1.2.10.a8
389-ds-base-1.2.10.rc1
389-ds-base-1.2.11.a1
389-ds-base-1.2.3
389-ds-base-1.2.4
389-ds-base-1.2.5.a1
389-ds-base-1.2.5.rc1
389-ds-base-1.2.5.rc2
389-ds-base-1.2.5.rc3
389-ds-base-1.2.5.rc4
389-ds-base-1.2.6.a1
389-ds-base-1.2.6.a2
389-ds-base-1.2.6.a3
389-ds-base-1.2.6.a4
389-ds-base-1.2.6.rc1
389-ds-base-1.2.6.rc2
389-ds-base-1.2.6.rc3
389-ds-base-1.2.7
389-ds-base-1.2.7.1
389-ds-base-1.2.7.2
389-ds-base-1.2.7.3
389-ds-base-1.2.7.4
389-ds-base-1.2.7.a1
389-ds-base-1.2.7.a2
389-ds-base-1.2.7.a3
389-ds-base-1.2.7.a4
389-ds-base-1.2.7.a5
389-ds-base-1.2.8.a1
389-ds-base-1.2.8.a2
389-ds-base-1.2.9.0
389-ds-base-1.2.9.1
389-ds-base-1.2.9.2
389-ds-base-1.2.9.3
389-ds-base-1.2.9.4
389-ds-base-1.2.9.5
389-ds-base-1.2.9.a1
389-ds-base-1.2.9.a2
389-ds-base-1.3.0.a1
389-ds-base-1.3.0.rc1
389-ds-base-1.3.5.0
389-ds-base-1.3.5.1
389-ds-base-1.3.5.10
389-ds-base-1.3.5.11
389-ds-base-1.3.5.12
389-ds-base-1.3.5.13
389-ds-base-1.3.5.2
389-ds-base-1.3.5.3
389-ds-base-1.3.5.4
389-ds-base-1.3.5.5
389-ds-base-1.3.5.6
389-ds-base-1.3.5.7
389-ds-base-1.3.5.8
389-ds-base-1.3.5.9
389-ds-base-1.3.6.0
389-ds-base-1.3.6.1
389-ds-base-1.3.6.2
389-ds-base-1.3.6.3
389-ds-base-1.3.6.4
389-ds-base-1.3.7.0
389-ds-base-1.3.7.2
389-ds-base-1.3.7.3
389-ds-base-1.3.7.4
389-ds-base-1.4.0.0
389-ds-base-1.4.0.1
389-ds-base-1.4.0.10
389-ds-base-1.4.0.11
389-ds-base-1.4.0.12
389-ds-base-1.4.0.13
389-ds-base-1.4.0.14
389-ds-base-1.4.0.15
389-ds-base-1.4.0.16
389-ds-base-1.4.0.17
389-ds-base-1.4.0.18
389-ds-base-1.4.0.19
389-ds-base-1.4.0.2
389-ds-base-1.4.0.20
389-ds-base-1.4.0.3
389-ds-base-1.4.0.4
389-ds-base-1.4.0.5
389-ds-base-1.4.0.6
389-ds-base-1.4.0.7
389-ds-base-1.4.0.8
389-ds-base-1.4.0.9
389-ds-base-1.4.1.0
389-ds-base-1.4.1.1
389-ds-base-1.4.1.2
389-ds-base-1.4.1.3
389-ds-base-1.4.1.4
389-ds-base-1.4.1.5
389-ds-base-1.4.1.6
389-ds-base-1.4.2.1
389-ds-base-1.4.2.2
389-ds-base-1.4.2.3
389-ds-base-1.4.2.4
389-ds-base-1.4.2.5
389-ds-base-1.4.3.1
389-ds-base-1.4.3.2
389-ds-base-1.4.3.3
389-ds-base-1.4.3.4
389-ds-base-1.4.3.5
389-ds-base-1.4.4.0
389-ds-base-1.4.4.1
389-ds-base-1.4.4.2
389-ds-base-1.4.4.3
389-ds-base-1.4.4.4
389-ds-base-1.4.4.5
389-ds-base-1.4.5.0

389-ds-base-2.*

389-ds-base-2.0.0
389-ds-base-2.0.0.0
389-ds-base-2.0.1
389-ds-base-2.0.2

Other

Directory_Server_8_1_Candidate_20090324
FedoraDirSvr10
FedoraDirSvr110a1
FedoraDirSvr110a2
FedoraDirSvr110a3
FedoraDirSvr110a3_20070320
FedoraDirSvr110a4
FedoraDirSvr110a4_20070720
FedoraDirSvr110b1
FedoraDirSvr110b1_20070813
FedoraDirSvr110b1_20070816
FedoraDirSvr110b2
FedoraDirSvr110b2_20071107
FedoraDirSvr111
FedoraDirSvr111_20080530
FedoraDirSvr_1_1_2
FedoraDirSvr_1_1_2_20080904
FedoraDirSvr_1_1_2_RC
FedoraDirSvr_1_1_2_RC2
FedoraDirSvr_1_1_2_RC_20080828
FedoraDirSvr_1_1_3_20080923
FedoraDirSvr_20051103_RTC
before-merge-nunc-stans
ldapserver7x