Information disclosure in Fedoraproject 389_directory_server

CVE-2014-8105

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.005 (64.6th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.3.3.0, 1.3.3.2, 1.3.3.3
Fedoraproject Fedora — versions 22
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:0416 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:0628 (x_refsource_REDHAT, vendor-advisory)
FEDORA-2015-3368 (x_refsource_FEDORA, vendor-advisory)