{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-03T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"}, {"name": "RHSA-2015:0416", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"}, {"name": "RHSA-2015:0628", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"}, {"name": "FEDORA-2015-3368", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:50.213Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"}, {"name": "RHSA-2015:0416", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"}, {"name": "RHSA-2015:0628", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"}, {"name": "FEDORA-2015-3368", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8105", "datePublished": "2015-03-10T14:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.213Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B301991-61EC-447E-A220-29D17E8FDABD", "versionEndIncluding": "1.3.2.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "80EE57EB-D603-40A5-84F5-BEA703D8A0EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6E18AB1-FE95-49F2-A354-F24C4569634C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "77D4A1FC-53B7-493F-9D9C-B1DA6231A3E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1AE563B-59ED-40F4-B2FF-CDE6EFA5087B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "220041CC-C46F-4D0E-B231-0645621A7E66", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors."}, {"lang": "es", "value": "389 Directory Server anterior a 1.3.2.27 y 1.3.3.x anterior a 1.3.3.9 no restringe correctamente acceso al sub\u00e1rbol LDAP 'cn=changelog', lo que permite a atacantes remotos obtener informaci\u00f3n sensible del registro de cambios (changelog) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-8105", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-10T14:59:00.070", "references": [{"source": "secalert@redhat.com", "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"}, {"source": "secalert@redhat.com", "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Petr \u0160pa\u010dek (Red Hat Identity Management Engineering Team).", "affected_release": [{"advisory": "RHSA-2015:0628", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "389-ds-base-0:1.2.11.15-50.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0416", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "389-ds-base-0:1.3.3.1-13.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: information disclosure through 'cn=changelog' subtree", "id": "1167858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167858"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-862->CWE-200", "details": ["389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.", "An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords."], "name": "CVE-2014-8105", "public_date": "2015-03-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8105\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8105"], "threat_severity": "Important"}