Advisories » MGASA-2022-0239

Updated 389-ds-base packages fix security vulnerability

Publication date: 24 Jun 2022
Modification date: 24 Jun 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-1949

Description

An access control bypass vulnerability found in 389-ds-base. That
mishandling of the filter that would yield incorrect results, but as that
has progressed, can be determined that it actually is an access control
bypass. This may allow any remote unauthenticated user to issue a filter
that allows searching for database items they do not have access to,
including but not limited to potentially userPassword hashes and other
sensitive data. (CVE-2022-1949)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30558
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X5QRVVCIHOYYKUM4VU2IZ3RYGYI66M2M/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1949

SRPMS

8/core

• 389-ds-base-1.4.0.26-8.5.mga8