{"containers": {"cna": {"affected": [{"product": "389-ds-base", "vendor": "n/a", "versions": [{"status": "affected", "version": "389-ds-base 2.0.3, 389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19"}]}], "descriptions": [{"lang": "en", "value": "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T16:43:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/389ds/389-ds-base/issues/4480"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "389-ds-base", "version": {"version_data": [{"version_value": "389-ds-base 2.0.3, 389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565"}, {"name": "https://github.com/389ds/389-ds-base/issues/4480", "refsource": "MISC", "url": "https://github.com/389ds/389-ds-base/issues/4480"}, {"name": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc", "refsource": "MISC", "url": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc"}, {"name": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32", "refsource": "MISC", "url": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:02:08.248Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/389ds/389-ds-base/issues/4480"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35518", "datePublished": "2021-03-26T16:43:08", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-04T17:02:08.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "826F6485-30A1-49A6-8E66-4F53DAD03EDE", "versionEndExcluding": "1.4.3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7273B979-C446-45CA-A601-9F81F6DA503C", "versionEndExcluding": "1.4.4.13", "versionStartIncluding": "1.4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "72D21DC8-ED0C-4C96-A9CF-0EE1E3EBD7F9", "versionEndExcluding": "2.0.3", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A169F6D-88A5-4631-9D30-519350ACFE6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database."}, {"lang": "es", "value": "Cuando se vincula con un DN durante la autenticaci\u00f3n, la respuesta de 389-ds-base ser\u00e1 diferente si el DN se presenta o no. Esto puede ser usado por un atacante no autenticado para comprobar la existencia de una entrada en la base de datos de LDAP."}], "id": "CVE-2020-35518", "lastModified": "2024-11-21T05:27:28.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T17:15:12.280", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/389ds/389-ds-base/issues/4480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/389ds/389-ds-base/issues/4480"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:0599", "cpe": "cpe:/a:redhat:directory_server:11.1::el8", "package": "redhat-ds:11-8020020210210175100.51c5a973", "product_name": "Red Hat Directory Server 11.1 for RHEL 8", "release_date": "2021-02-16T00:00:00Z"}, {"advisory": "RHSA-2021:1243", "cpe": "cpe:/a:redhat:directory_server:11.2::el8", "package": "redhat-ds:11-8030020210318191016.0b92cc7b", "product_name": "Red Hat Directory Server 11.2 for RHEL 8", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:2323", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "389-ds-base-0:1.3.10.2-12.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-06-08T00:00:00Z"}, {"advisory": "RHSA-2021:1086", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "389-ds:1.4-8030020210311231957.e114a9e7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-04-06T00:00:00Z"}, {"advisory": "RHSA-2021:1258", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "389-ds:1.4-8020020210412125652.dbc46ba7", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-04-19T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: information disclosure during the binding of a DN", "id": "1905565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.", "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database."], "name": "CVE-2020-35518", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35518\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35518"], "threat_severity": "Moderate", "upstream_fix": "389-ds-base 2.0.3, 389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19"}