CWE-90
AllowedImproper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
114 vulnerabilities reference this CWE, most recent first.
CVE-2020-5281 (GCVE-0-2020-5281)
Vulnerability from cvelistv5 – Published: 2020-03-25 18:00 – Updated: 2024-08-04 08:22- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| URL | Tags |
|---|---|
| https://github.com/CESNET/perun/security/advisori… | x_refsource_CONFIRM |
| https://github.com/CESNET/perun/pull/2635 | x_refsource_MISC |
| https://github.com/CESNET/perun/commit/ac527bc322… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CESNET/perun/pull/2635"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "perun",
"vendor": "CESNET",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T18:00:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CESNET/perun/pull/2635"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039"
}
],
"source": {
"advisory": "GHSA-gj88-9q3f-72m3",
"discovery": "UNKNOWN"
},
"title": "LDAP connector injection in Perun",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5281",
"STATE": "PUBLIC",
"TITLE": "LDAP connector injection in Perun"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "perun",
"version": {
"version_data": [
{
"version_value": "\u003c 3.9.1"
}
]
}
}
]
},
"vendor_name": "CESNET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3",
"refsource": "CONFIRM",
"url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3"
},
{
"name": "https://github.com/CESNET/perun/pull/2635",
"refsource": "MISC",
"url": "https://github.com/CESNET/perun/pull/2635"
},
{
"name": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039",
"refsource": "MISC",
"url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039"
}
]
},
"source": {
"advisory": "GHSA-gj88-9q3f-72m3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5281",
"datePublished": "2020-03-25T18:00:20.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5246 (GCVE-0-2020-5246)
Vulnerability from cvelistv5 – Published: 2020-07-14 20:42 – Updated: 2024-08-04 08:22- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| URL | Tags |
|---|---|
| https://github.com/traccar/traccar/security/advis… | x_refsource_CONFIRM |
| https://github.com/traccar/traccar/commit/e4f6e74… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Traccar",
"vendor": "Traccar",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T20:42:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e"
}
],
"source": {
"advisory": "GHSA-v955-7g22-2p49",
"discovery": "UNKNOWN"
},
"title": "LDAP injection vulnerability in Traccar GPS Tracking System",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5246",
"STATE": "PUBLIC",
"TITLE": "LDAP injection vulnerability in Traccar GPS Tracking System"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Traccar",
"version": {
"version_data": [
{
"version_value": "\u003c 4.9"
}
]
}
}
]
},
"vendor_name": "Traccar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49",
"refsource": "CONFIRM",
"url": "https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49"
},
{
"name": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e",
"refsource": "MISC",
"url": "https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e"
}
]
},
"source": {
"advisory": "GHSA-v955-7g22-2p49",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5246",
"datePublished": "2020-07-14T20:42:10.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11277 (GCVE-0-2019-11277)
Vulnerability from cvelistv5 – Published: 2019-09-23 17:40 – Updated: 2024-09-16 20:47- CWE-90 - LDAP Injection
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2019-11277 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | CF NFS volume release |
Affected:
1.7 , < v1.7.11
(custom)
Affected: 2.3 , < v2.3.0 (custom) |
|
| Cloud Foundry | CF Deployment |
Affected:
All , < v11.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CF NFS volume release",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v1.7.11",
"status": "affected",
"version": "1.7",
"versionType": "custom"
},
{
"lessThan": "v2.3.0",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
},
{
"product": "CF Deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v11.1.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: LDAP Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T17:40:18.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11277"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Volume Services is vulnerable to an LDAP injection attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-09-23T00:00:00.000Z",
"ID": "CVE-2019-11277",
"STATE": "PUBLIC",
"TITLE": "Volume Services is vulnerable to an LDAP injection attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF NFS volume release",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "1.7",
"version_value": "v1.7.11"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "v2.3.0"
}
]
}
},
{
"product_name": "CF Deployment",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v11.1.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-90: LDAP Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11277",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11277"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11277",
"datePublished": "2019-09-23T17:40:18.215Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:47:05.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10027 (GCVE-0-2015-10027)
Vulnerability from cvelistv5 – Published: 2023-01-07 16:42 – Updated: 2024-08-06 08:58- CWE-90 - LDAP Injection
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217622 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217622 | signaturepermissions-required |
| https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14 | issue-tracking |
| https://github.com/hydrian/TTRSS-Auth-LDAP/commit… | patch |
| https://github.com/hydrian/TTRSS-Auth-LDAP/releas… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| hydrian | TTRSS-Auth-LDAP |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-10027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T18:08:55.441009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T18:09:02.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217622"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217622"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Username Handler"
],
"product": "TTRSS-Auth-LDAP",
"vendor": "hydrian",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in hydrian TTRSS-Auth-LDAP entdeckt. Dies betrifft einen unbekannten Teil der Komponente Username Handler. Durch das Beeinflussen mit unbekannten Daten kann eine ldap injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.0b1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a7f7a5a82d9202a5c40d606a5c519ba61b224eb8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.9,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 LDAP Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:51:44.978Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217622"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217622"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14"
},
{
"tags": [
"patch"
],
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-07T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-30T00:06:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "hydrian TTRSS-Auth-LDAP Username ldap injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10027",
"datePublished": "2023-01-07T16:42:32.233Z",
"dateReserved": "2023-01-07T16:41:22.174Z",
"dateUpdated": "2024-08-06T08:58:26.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22CM-3QF2-2WC7
Vulnerability from github – Published: 2021-04-13 15:30 – Updated: 2021-04-01 23:39All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "is-user-valid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23335"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-01T23:39:38Z",
"nvd_published_at": "2021-02-11T12:15:00Z",
"severity": "HIGH"
},
"details": "All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.",
"id": "GHSA-22cm-3qf2-2wc7",
"modified": "2021-04-01T23:39:38Z",
"published": "2021-04-13T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23335"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-ISUSERVALID-1056766"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "LDAP Injection in is-user-valid"
}
GHSA-26CM-QRC6-MFGJ
Vulnerability from github – Published: 2021-11-08 18:16 – Updated: 2024-02-08 22:24Impact
LDAP injection vulnerability, only affects instances with LDAP authentication enabled.
Patches
Patch for vulnerability released with v1.16.3.
Workarounds
Disable LDAP feature if in use
References
OWASP LDAP Injection Prevention Cheat Sheet
For more information
If you have any questions or comments about this advisory: * Open an issue in Thunderdome Github Repository * Email us at steven@weathers.me
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/stevenweathers/thunderdome-planning-poker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41232"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-74",
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-02T18:40:07Z",
"nvd_published_at": "2021-11-02T18:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nLDAP injection vulnerability, only affects instances with LDAP authentication enabled.\n\n### Patches\nPatch for vulnerability released with v1.16.3.\n\n### Workarounds\nDisable LDAP feature if in use\n\n### References\n[OWASP LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html\n)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Thunderdome Github Repository](https://github.com/StevenWeathers/thunderdome-planning-poker)\n* Email us at [steven@weathers.me](mailto:steven@weathers.me)\n",
"id": "GHSA-26cm-qrc6-mfgj",
"modified": "2024-02-08T22:24:20Z",
"published": "2021-11-08T18:16:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41232"
},
{
"type": "WEB",
"url": "https://github.com/github/securitylab/issues/464#issuecomment-957094994"
},
{
"type": "WEB",
"url": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1"
},
{
"type": "PACKAGE",
"url": "https://github.com/StevenWeathers/thunderdome-planning-poker"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker"
}
GHSA-2JGF-QH2V-PFQG
Vulnerability from github – Published: 2025-03-25 15:31 – Updated: 2025-03-25 15:31The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.
{
"affected": [],
"aliases": [
"CVE-2025-27631"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T13:15:40Z",
"severity": "MODERATE"
},
"details": "The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.",
"id": "GHSA-2jgf-qh2v-pfqg",
"modified": "2025-03-25T15:31:29Z",
"published": "2025-03-25T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27631"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2X9H-H3C4-WQQH
Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2024-03-12 14:24The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.31"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.20"
},
{
"fixed": "2.32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.19.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.19.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-9299"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T19:50:21Z",
"nvd_published_at": "2017-01-12T23:59:00Z",
"severity": "CRITICAL"
},
"details": "The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.",
"id": "GHSA-2x9h-h3c4-wqqh",
"modified": "2024-03-12T14:24:42Z",
"published": "2022-05-14T01:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9299"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/6078dd7aa097baf3402de9d5279f6053926a1ea7"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/ce8a2d51a5ee9ca12d0a75659b06161888e0a1bf"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/d84d9a2ad3825f316f805a18b3654b0803e0d7fc"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/f574224cae5ffde2bc4c996305c0dcf5ab135440"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/fde9c42fe05ac925a904b6c09a81d497d0e6ccea"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/jenkins"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!original/jenkinsci-advisories/-fc-w9tNEJE/LZ7EOS0fBgAJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW2KUKYLNLVDB7STLHLYALCUFLEGCRM6"
},
{
"type": "WEB",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16"
},
{
"type": "WEB",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2016-11-16"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44642"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/12/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/14/9"
},
{
"type": "WEB",
"url": "http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Neutralization of Special Elements used in an LDAP Query in Jenkins"
}
GHSA-3322-WPC2-P4M7
Vulnerability from github – Published: 2026-03-27 09:31 – Updated: 2026-03-27 09:31If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are known.
{
"affected": [],
"aliases": [
"CVE-2026-27860"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-27T09:16:20Z",
"severity": "LOW"
},
"details": "If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot\u0027s LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are known.",
"id": "GHSA-3322-wpc2-p4m7",
"modified": "2026-03-27T09:31:19Z",
"published": "2026-03-27T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27860"
},
{
"type": "WEB",
"url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3JQF-V4MV-747G
Vulnerability from github – Published: 2026-01-22 18:06 – Updated: 2026-01-23 15:49Impact
Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes.
Patches
Users should upgrade to Moonraker 0.10.0 which patches this vulnerability.
Workarounds
Admins can set the max_login_attempts option in the [authorization] section to a reasonable value. Any IP attempting to exploit this vulnerability will be locked out after it has reached the specified number of consecutive failed login attempts. This condition is cleared after a Moonraker restart. Note that if an attacker knows a valid user password they can bypass this protection by successfully logging in.
The most secure workaround for users unable to upgrade is to remove the ldap section from moonraker.conf and rely on the built in user authentication.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "moonraker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24130"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-22T18:06:54Z",
"nvd_published_at": "2026-01-22T23:15:58Z",
"severity": "LOW"
},
"details": "### Impact\n\nInstances of Moonraker configured with the `ldap` component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes.\n\n### Patches\n\nUsers should upgrade to Moonraker 0.10.0 which patches this vulnerability.\n\n### Workarounds\n\nAdmins can set the `max_login_attempts` option in the `[authorization]` section to a reasonable value. Any IP attempting to exploit this vulnerability will be locked out after it has reached the specified number of consecutive failed login attempts. This condition is cleared after a Moonraker restart. Note that if an attacker knows a valid user password they can bypass this protection by successfully logging in.\n\nThe most secure workaround for users unable to upgrade is to remove the `ldap` section from `moonraker.conf` and rely on the built in user authentication.",
"id": "GHSA-3jqf-v4mv-747g",
"modified": "2026-01-23T15:49:23Z",
"published": "2026-01-22T18:06:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Arksine/moonraker/security/advisories/GHSA-3jqf-v4mv-747g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24130"
},
{
"type": "WEB",
"url": "https://github.com/Arksine/moonraker/commit/74c5d8e44c4a4abbfbb06fb991e7ebb9ac947f42"
},
{
"type": "PACKAGE",
"url": "https://github.com/Arksine/moonraker"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Moonraker affected by LDAP search filter injection"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-136: LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.