CVE-2023-1055 - OpenCVE

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Directory Server
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:redhat:directory_server:11.5:::::::*
	cpe:2.3:a:redhat:directory_server:11.6:::::::*
	cpe:2.3:a:redhat:directory_server:12.0:::::::*
	cpe:2.3:a:redhat:directory_server:12.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0	Issue Tracking Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-02-27T00:00:00

Updated: 2023-07-26T00:00:00

Reserved: 2023-02-27T00:00:00

Link: CVE-2023-1055

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-27T22:15:09.990

Modified: 2023-11-07T04:02:23.447

Link: CVE-2023-1055

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "5532B7A4-A873-4639-B8D4-B6A65CFCFB3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:11.6:*:*:*:*:*:*:*", "matchCriteriaId": "151CA15F-B090-4767-A1B0-03CBE45A7B75", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3DAF61A-58A9-41A6-A4DC-64148055B0C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C6D6E7-66A9-4F10-B38D-5D6832CD4D77", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality."}], "id": "CVE-2023-1055", "lastModified": "2023-11-07T04:02:23.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-27T22:15:09.990", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}