[Bugs] [Bug 13494] New: [CVE 21] 389-ds-base 1.4.4.4 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13494

          Platform: 2021.1
            Bug ID: 13494
           Summary: [CVE 21] 389-ds-base 1.4.4.4  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-1949,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package 389-ds-base version 1.4.4.4

INFO (CVEs are): 389-ds-base 1.4.4.4
 cves found
CVE-2022-1949
Desc: An access control bypass vulnerability found in 389-ds-base. That
mishandling of the filter that would yield incorrect results, but as that has
progressed, can be determined that it actually is an access control bypass.
This may allow any remote unauthenticated user to issue a filter that allows
searching for database items they do not have access to, including but not
limited to potentially userPassword hashes and other sensitive data.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-1949
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/287ce992/attachment.html>