Vulnerability in Fedoraproject 389_directory_server

CVE-2013-2219

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

EPSS: 0.003 (51.5th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server
Redhat Directory_server — versions 7.1, 8.0, 8.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

RHSA-2013:1119 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:1116 (x_refsource_REDHAT, vendor-advisory)