CVE Vulnerability

CVE-2019-10224

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://pagure.io/389-ds-base/issue/50251 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 Issue Tracking Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Information

Published : 2019-11-25 04:15

Updated : 2019-12-10 08:27

NVD link : CVE-2019-10224

Mitre link : CVE-2019-10224

Products Affected

389 Directory Server

Fedoraproject

CWE
CWE-200