CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
CVE-2015-10027 (GCVE-0-2015-10027)
Vulnerability from cvelistv5
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE-90 - LDAP Injection
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
hydrian | TTRSS-Auth-LDAP |
Version: n/a |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2015-10027", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T18:08:55.441009Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T18:09:02.415Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-06T08:58:26.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.217622" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.217622" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "modules": [ "Username Handler" ], "product": "TTRSS-Auth-LDAP", "vendor": "hydrian", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "credits": [ { "lang": "en", "type": "tool", "value": "VulDB GitHub Commit Analyzer" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability." }, { "lang": "de", "value": "Eine problematische Schwachstelle wurde in hydrian TTRSS-Auth-LDAP entdeckt. Dies betrifft einen unbekannten Teil der Komponente Username Handler. Durch das Beeinflussen mit unbekannten Daten kann eine ldap injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.0b1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a7f7a5a82d9202a5c40d606a5c519ba61b224eb8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4.9, "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90 LDAP Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-20T07:51:44.978Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.217622" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.217622" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14" }, { "tags": [ "patch" ], "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8" }, { "tags": [ "patch" ], "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1" } ], "timeline": [ { "lang": "en", "time": "2023-01-07T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2023-01-07T00:00:00.000Z", "value": "CVE reserved" }, { "lang": "en", "time": "2023-01-07T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-01-30T00:06:49.000Z", "value": "VulDB entry last update" } ], "title": "hydrian TTRSS-Auth-LDAP Username ldap injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2015-10027", "datePublished": "2023-01-07T16:42:32.233Z", "dateReserved": "2023-01-07T16:41:22.174Z", "dateUpdated": "2024-08-06T08:58:26.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-11277 (GCVE-0-2019-11277)
Vulnerability from cvelistv5
- CWE-90 - LDAP Injection
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Cloud Foundry | CF NFS volume release |
Version: 1.7 < v1.7.11 Version: 2.3 < v2.3.0 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:48:09.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudfoundry.org/blog/cve-2019-11277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CF NFS volume release", "vendor": "Cloud Foundry", "versions": [ { "lessThan": "v1.7.11", "status": "affected", "version": "1.7", "versionType": "custom" }, { "lessThan": "v2.3.0", "status": "affected", "version": "2.3", "versionType": "custom" } ] }, { "product": "CF Deployment", "vendor": "Cloud Foundry", "versions": [ { "lessThan": "v11.1.0", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "datePublic": "2019-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: LDAP Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-23T17:40:18", "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "shortName": "pivotal" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudfoundry.org/blog/cve-2019-11277" } ], "source": { "discovery": "UNKNOWN" }, "title": "Volume Services is vulnerable to an LDAP injection attack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@pivotal.io", "DATE_PUBLIC": "2019-09-23T00:00:00.000Z", "ID": "CVE-2019-11277", "STATE": "PUBLIC", "TITLE": "Volume Services is vulnerable to an LDAP injection attack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CF NFS volume release", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "1.7", "version_value": "v1.7.11" }, { "affected": "\u003c", "version_affected": "\u003c", "version_name": "2.3", "version_value": "v2.3.0" } ] } }, { "product_name": "CF Deployment", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "All", "version_value": "v11.1.0" } ] } } ] }, "vendor_name": "Cloud Foundry" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90: LDAP Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudfoundry.org/blog/cve-2019-11277", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/blog/cve-2019-11277" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "assignerShortName": "pivotal", "cveId": "CVE-2019-11277", "datePublished": "2019-09-23T17:40:18.215999Z", "dateReserved": "2019-04-18T00:00:00", "dateUpdated": "2024-09-16T20:47:05.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5246 (GCVE-0-2020-5246)
Vulnerability from cvelistv5
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:09.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Traccar", "vendor": "Traccar", "versions": [ { "status": "affected", "version": "\u003c 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-14T20:42:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e" } ], "source": { "advisory": "GHSA-v955-7g22-2p49", "discovery": "UNKNOWN" }, "title": "LDAP injection vulnerability in Traccar GPS Tracking System", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5246", "STATE": "PUBLIC", "TITLE": "LDAP injection vulnerability in Traccar GPS Tracking System" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Traccar", "version": { "version_data": [ { "version_value": "\u003c 4.9" } ] } } ] }, "vendor_name": "Traccar" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49", "refsource": "CONFIRM", "url": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49" }, { "name": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e", "refsource": "MISC", "url": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e" } ] }, "source": { "advisory": "GHSA-v955-7g22-2p49", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5246", "datePublished": "2020-07-14T20:42:10", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:09.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5281 (GCVE-0-2020-5281)
Vulnerability from cvelistv5
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:09.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CESNET/perun/pull/2635" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "perun", "vendor": "CESNET", "versions": [ { "status": "affected", "version": "\u003c 3.9.1" } ] } ], "descriptions": [ { "lang": "en", "value": "In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-25T18:00:20", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CESNET/perun/pull/2635" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039" } ], "source": { "advisory": "GHSA-gj88-9q3f-72m3", "discovery": "UNKNOWN" }, "title": "LDAP connector injection in Perun", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5281", "STATE": "PUBLIC", "TITLE": "LDAP connector injection in Perun" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "perun", "version": { "version_data": [ { "version_value": "\u003c 3.9.1" } ] } } ] }, "vendor_name": "CESNET" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3", "refsource": "CONFIRM", "url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3" }, { "name": "https://github.com/CESNET/perun/pull/2635", "refsource": "MISC", "url": "https://github.com/CESNET/perun/pull/2635" }, { "name": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039", "refsource": "MISC", "url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039" } ] }, "source": { "advisory": "GHSA-gj88-9q3f-72m3", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5281", "datePublished": "2020-03-25T18:00:20", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:09.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32651 (GCVE-0-2021-32651)
Vulnerability from cvelistv5
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "onedev", "vendor": "theonedev", "versions": [ { "status": "affected", "version": "\u003c= 4.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-01T17:15:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c" } ], "source": { "advisory": "GHSA-5864-2496-4xjf", "discovery": "UNKNOWN" }, "title": "LDAP injection via OneDev may leak some LDAP directory information ", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32651", "STATE": "PUBLIC", "TITLE": "LDAP injection via OneDev may leak some LDAP directory information " }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "onedev", "version": { "version_data": [ { "version_value": "\u003c= 4.4.1" } ] } } ] }, "vendor_name": "theonedev" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf", "refsource": "CONFIRM", "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf" }, { "name": "https://github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c", "refsource": "MISC", "url": "https://github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c" } ] }, "source": { "advisory": "GHSA-5864-2496-4xjf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32651", "datePublished": "2021-06-01T17:15:12", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-41232 (GCVE-0-2021-41232)
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
StevenWeathers | thunderdome-planning-poker |
Version: < 2.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:08:31.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/github/securitylab/issues/464#issuecomment-957094994" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thunderdome-planning-poker", "vendor": "StevenWeathers", "versions": [ { "status": "affected", "version": "\u003c 2.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-02T17:55:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/github/securitylab/issues/464#issuecomment-957094994" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1" } ], "source": { "advisory": "GHSA-26cm-qrc6-mfgj", "discovery": "UNKNOWN" }, "title": "Improper Neutralization of Special Elements used in an LDAP Query", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41232", "STATE": "PUBLIC", "TITLE": "Improper Neutralization of Special Elements used in an LDAP Query" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "thunderdome-planning-poker", "version": { "version_data": [ { "version_value": "\u003c 2.0.0" } ] } } ] }, "vendor_name": "StevenWeathers" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj", "refsource": "CONFIRM", "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj" }, { "name": "https://github.com/github/securitylab/issues/464#issuecomment-957094994", "refsource": "MISC", "url": "https://github.com/github/securitylab/issues/464#issuecomment-957094994" }, { "name": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1", "refsource": "MISC", "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1" } ] }, "source": { "advisory": "GHSA-26cm-qrc6-mfgj", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41232", "datePublished": "2021-11-02T17:55:10", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T03:08:31.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-41276 (GCVE-0-2021-41276)
Vulnerability from cvelistv5
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:08:31.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Enalean/tuleap/commit/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tuleap.net/plugins/tracker/?aid=24149" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tuleap", "vendor": "Enalean", "versions": [ { "status": "affected", "version": "\u003c 13.2.99.31" }, { "status": "affected", "version": "\u003e= 13.1-1, \u003c 13.1-5" }, { "status": "affected", "version": "\u003e= 13.2-1, \u003c 13.2-3" } ] } ], "descriptions": [ { "lang": "en", "value": "Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-15T19:30:22", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Enalean/tuleap/commit/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tuleap.net/plugins/tracker/?aid=24149" } ], "source": { "advisory": "GHSA-887w-pv2r-x8pm", "discovery": "UNKNOWN" }, "title": "Indirect LDAP injection in Tuleap", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41276", "STATE": "PUBLIC", "TITLE": "Indirect LDAP injection in Tuleap" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tuleap", "version": { "version_data": [ { "version_value": "\u003c 13.2.99.31" }, { "version_value": "\u003e= 13.1-1, \u003c 13.1-5" }, { "version_value": "\u003e= 13.2-1, \u003c 13.2-3" } ] } } ] }, "vendor_name": "Enalean" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm", "refsource": "CONFIRM", "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm" }, { "name": "https://github.com/Enalean/tuleap/commit/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c", "refsource": "MISC", "url": "https://github.com/Enalean/tuleap/commit/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c" }, { "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c", "refsource": "MISC", "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c" }, { "name": "https://tuleap.net/plugins/tracker/?aid=24149", "refsource": "MISC", "url": "https://tuleap.net/plugins/tracker/?aid=24149" } ] }, "source": { "advisory": "GHSA-887w-pv2r-x8pm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41276", "datePublished": "2021-12-15T19:30:22", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T03:08:31.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-43350 (GCVE-0-2021-43350)
Vulnerability from cvelistv5
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Traffic Control |
Version: Traffic Ops < 6.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:55:28.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trafficcontrol.apache.org/security/" }, { "name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3" }, { "name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4" }, { "name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Traffic Control", "vendor": "Apache Software Foundation", "versions": [ { "changes": [ { "at": "5.1.4", "status": "unaffected" } ], "lessThan": "6.0.1", "status": "affected", "version": "Traffic Ops", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Apache Traffic Control user pupiles." } ], "descriptions": [ { "lang": "en", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter." } ], "metrics": [ { "other": { "content": { "other": "critical" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-17T12:06:08", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trafficcontrol.apache.org/security/" }, { "name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3" }, { "name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4" }, { "name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1" } ], "source": { "discovery": "UNKNOWN" }, "title": "LDAP filter injection vulnerability in Traffic Ops", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-43350", "STATE": "PUBLIC", "TITLE": "LDAP filter injection vulnerability in Traffic Ops" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Traffic Control", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "Traffic Ops", "version_value": "6.0.1" }, { "version_affected": "\u003c", "version_name": "Traffic Ops", "version_value": "5.1.4" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "This issue was discovered by Apache Traffic Control user pupiles." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "critical" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://trafficcontrol.apache.org/security/", "refsource": "MISC", "url": "https://trafficcontrol.apache.org/security/" }, { "name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3" }, { "name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4" }, { "name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-43350", "datePublished": "2021-11-11T13:00:15", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2024-08-04T03:55:28.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-43782 (GCVE-0-2021-43782)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Enalean/tuleap/commit/64e77561eba9f8233199c2962b3497ed7294a7d2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=64e77561eba9f8233199c2962b3497ed7294a7d2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tuleap.net/plugins/tracker/?aid=24168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tuleap", "vendor": "Enalean", "versions": [ { "status": "affected", "version": "\u003c 13.2.99.83" }, { "status": "affected", "version": "\u003e= 13.1-1, \u003c 13.1-6" }, { "status": "affected", "version": "\u003e= 13.2-1, \u003c 13.2-4" } ] } ], "descriptions": [ { "lang": "en", "value": "Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-15T19:30:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Enalean/tuleap/commit/64e77561eba9f8233199c2962b3497ed7294a7d2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=64e77561eba9f8233199c2962b3497ed7294a7d2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tuleap.net/plugins/tracker/?aid=24168" } ], "source": { "advisory": "GHSA-cwv9-hhm4-jr84", "discovery": "UNKNOWN" }, "title": "Indirect LDAP injection in Tuleap", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43782", "STATE": "PUBLIC", "TITLE": "Indirect LDAP injection in Tuleap" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tuleap", "version": { "version_data": [ { "version_value": "\u003c 13.2.99.83" }, { "version_value": "\u003e= 13.1-1, \u003c 13.1-6" }, { "version_value": "\u003e= 13.2-1, \u003c 13.2-4" } ] } } ] }, "vendor_name": "Enalean" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84", "refsource": "CONFIRM", "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84" }, { "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm", "refsource": "MISC", "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm" }, { "name": "https://github.com/Enalean/tuleap/commit/64e77561eba9f8233199c2962b3497ed7294a7d2", "refsource": "MISC", "url": "https://github.com/Enalean/tuleap/commit/64e77561eba9f8233199c2962b3497ed7294a7d2" }, { "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=64e77561eba9f8233199c2962b3497ed7294a7d2", "refsource": "MISC", "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=64e77561eba9f8233199c2962b3497ed7294a7d2" }, { "name": "https://tuleap.net/plugins/tracker/?aid=24168", "refsource": "MISC", "url": "https://tuleap.net/plugins/tracker/?aid=24168" } ] }, "source": { "advisory": "GHSA-cwv9-hhm4-jr84", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43782", "datePublished": "2021-12-15T19:30:14", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4254 (GCVE-0-2022-4254)
Vulnerability from cvelistv5
- CWE-90 - - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894" }, { "tags": [ "x_transferred" ], "url": "https://github.com/SSSD/sssd/issues/5135" }, { "tags": [ "x_transferred" ], "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4254" }, { "name": "[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-4254", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T14:42:02.928527Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-27T14:42:34.058Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "SSSD", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Affects SSSD 1.15.3, Fixed in SSSD 2.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-90", "description": "CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-29T00:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894" }, { "url": "https://github.com/SSSD/sssd/issues/5135" }, { "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-4254" }, { "name": "[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4254", "datePublished": "2023-02-01T00:00:00.000Z", "dateReserved": "2022-12-01T00:00:00.000Z", "dateUpdated": "2025-03-27T14:42:34.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-136: LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.