UBUNTU-CVE-2019-11187

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2019-11187
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-11187.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-11187
Upstream
Downstream
Related
Published
2019-08-15T17:15:00Z
Modified
2025-07-18T16:45:07Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

References

Affected packages

Ubuntu:16.04:LTS / gosa

Package

Name
gosa
Purl
pkg:deb/ubuntu/gosa@2.7.4+reloaded2-9ubuntu1.1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.4+reloaded2-9ubuntu1.1

Affected versions

2.*

2.7.4+reloaded2-2
2.7.4+reloaded2-5
2.7.4+reloaded2-6
2.7.4+reloaded2-7
2.7.4+reloaded2-8
2.7.4+reloaded2-9
2.7.4+reloaded2-9ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-desktop"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-dev"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-help-de"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-help-en"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-help-fr"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-help-nl"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-connectivity"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-dhcp"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-dhcp-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-dns"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-dns-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-fai"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-fai-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-gofax"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-gofon"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-goto"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-kolab"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-kolab-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-ldapmanager"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-mail"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-mit-krb5"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-mit-krb5-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-nagios"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-nagios-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-netatalk"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-opengroupware"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-openxchange"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-openxchange-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-opsi"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-phpgw"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-phpgw-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-phpscheduleit"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-phpscheduleit-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-pptp"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-pptp-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-pureftpd"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-pureftpd-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-rolemanagement"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-rsyslog"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-samba"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-scalix"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-squid"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-ssh"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-ssh-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-sudo"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-sudo-schema"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-systems"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-uw-imap"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-plugin-webdav"
        },
        {
            "binary_version": "2.7.4+reloaded2-9ubuntu1.1",
            "binary_name": "gosa-schema"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:16.04:LTS / fusiondirectory

Package

Name
fusiondirectory
Purl
pkg:deb/ubuntu/fusiondirectory@1.0.8.8-3ubuntu2.16.04.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.8.8-3
1.0.8.8-3ubuntu1
1.0.8.8-3ubuntu2
1.0.8.8-3ubuntu2.16.04.1

Ubuntu:Pro:18.04:LTS / fusiondirectory

Package

Name
fusiondirectory
Purl
pkg:deb/ubuntu/fusiondirectory@1.0.19-1ubuntu0.18.04.1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.19-1
1.0.19-1ubuntu0.18.04.1

Ubuntu:Pro:18.04:LTS / gosa

Package

Name
gosa
Purl
pkg:deb/ubuntu/gosa@2.7.4+reloaded3-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.4+reloaded2-13ubuntu1
2.7.4+reloaded3-2ubuntu1
2.7.4+reloaded3-3