UBUNTU-CVE-2019-10224

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-10224

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10224.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10224

Related

CVE-2019-10224

Published

2019-11-25T16:15:00Z

Modified

2024-10-15T14:06:48Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

References

Affected packages

Ubuntu:Pro:16.04:LTS / 389-ds-base

Package

Name: 389-ds-base
Purl: pkg:deb/ubuntu/389-ds-base?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.3.12-1build1

1.3.3.13-1

1.3.4.5-2

1.3.4.8-1

1.3.4.8-3

1.3.4.8-3ubuntu1

1.3.4.8-4

1.3.4.9-1

1.3.4.9-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / 389-ds-base

Package

Name: 389-ds-base
Purl: pkg:deb/ubuntu/389-ds-base?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.7.5-1

1.3.7.5-1build1

1.3.7.5-1build2

1.3.7.9-1

1.3.7.10-1

1.3.7.10-1ubuntu1

1.3.7.10-1ubuntu1+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}