An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-26T12:19:25
Updated: 2022-04-19T23:20:08
Reserved: 2019-06-29T00:00:00
Link: CVE-2019-13057
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-26T13:15:12.317
Modified: 2022-06-13T18:38:52.607
Link: CVE-2019-13057
JSON object: View
Redhat Information
No data.
CWE