CVE-2019-10224 Information
Feb 14, 2021
cve
Description
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode the dscreate and dsconf commands may display sensitive information such as the Directory Manager password. An attacker able to see the screen or record the terminal standard error output could use this flaw to gain sensitive information.
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 https://pagure.io/389-ds-base/issue/50251
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
4.6
Share on: