MGASA-2018-0235

Source
https://advisories.mageia.org/MGASA-2018-0235.html
Import Source
https://advisories.mageia.org/MGASA-2018-0235.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0235
Upstream
  • CVE-2017-8028
Published
2018-05-16T08:24:56Z
Modified
2026-04-16T06:24:20.599950252Z
Summary
Updated spring-ldap packages fix security vulnerability
Details

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password (CVE-2017-8028).

References
Credits

Affected packages

Mageia:6 / spring-ldap

Package

Name
spring-ldap
Purl
pkg:rpm/mageia/spring-ldap?arch=source&distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-14.1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2018-0235.json"