{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-10224", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T22:17:18.918Z", "dateReserved": "2019-03-27T00:00:00", "datePublished": "2019-11-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-04-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information."}], "affected": [{"vendor": "Red Hat", "product": "389-ds-base", "versions": [{"version": "389-ds-base 1.4.x.x before 1.4.1.3", "status": "affected"}]}], "references": [{"url": "https://pagure.io/389-ds-base/issue/50251"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"}, {"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-522", "cweId": "CWE-522"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:18.918Z"}, "title": "CVE Program Container", "references": [{"url": "https://pagure.io/389-ds-base/issue/50251", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "74563673-2E02-4592-BBB8-0ACC8D0C107F", "versionEndExcluding": "1.4.1.3", "versionStartIncluding": "1.4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information."}, {"lang": "es", "value": "Se ha encontrado un fallo en 389-ds-base versiones 1.4.x.x anteriores a 1.4.1.3. Cuando se ejecuta en modo verbose, los comandos dscreate y dsconf pueden mostrar informaci\u00f3n confidencial, tales como la contrase\u00f1a de Directory Manager. Un atacante, capaz de visualizar la pantalla o grabar la salida de error est\u00e1ndar del terminal, podr\u00eda utilizar este fallo para conseguir informaci\u00f3n confidencial."}], "id": "CVE-2019-10224", "lastModified": "2023-04-24T09:15:07.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-25T16:15:13.440", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://pagure.io/389-ds-base/issue/50251"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Viktor Ashirov (Red Hat).", "affected_release": [{"advisory": "RHSA-2019:3401", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "389-ds:1.4-8010020190903200205.eb48df33", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: using dscreate in verbose mode results in information disclosure", "id": "1677147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677147"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-522->CWE-200", "details": ["A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.", "When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information."], "name": "CVE-2019-10224", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2018-11-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10224\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10224\nhttps://pagure.io/389-ds-base/issue/50251"], "threat_severity": "Low", "upstream_fix": "389-ds-base 1.4.1.3"}