CVE-2019-10224 MEDIUM

CVE-2019-10224

Vendor Red Hat
Product 389-ds-base
Weakness CWE-522 · Insufficiently protected credentials
Published November 25, 2019
Last update August 4, 2024

CVSS base score

4.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Key dates

02Disclosure timeline

November 25, 2019 CVE published
August 4, 2024 Record updated