CVE-2019-10224

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10224
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10224.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10224
Related
Published
2019-11-25T16:15:13Z
Modified
2024-12-09T16:00:04Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

References

Affected packages

Debian:11 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.1.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.1.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}