Vulnerabilites related to apache - identity_backend
cve-2023-25613
Vulnerability from cvelistv5
Published
2023-02-20 15:29
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kerby LDAP Backend |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2", defaultStatus: "unaffected", packageName: "org.apache.kerby:ldap-backend", product: "Apache Kerby LDAP Backend", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "4ra1n of Chaitin Tech", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. ", }, ], value: "An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. ", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-18T09:14:05.973Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y", }, ], source: { discovery: "EXTERNAL", }, title: "LDAP Injection Vulnerability in Apache Kerby", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-25613", datePublished: "2023-02-20T15:29:39.154Z", dateReserved: "2023-02-09T09:47:41.424Z", dateUpdated: "2024-08-02T11:25:19.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-02-20 16:15
Modified
2024-11-21 07:49
Severity ?
Summary
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | identity_backend | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:identity_backend:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5ACB29-624B-4CA2-BC17-7B1130B0BBE1", versionEndExcluding: "2.0.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. ", }, { lang: "es", value: "Existe una vulnerabilidad de inyección LDAP en LdapIdentityBackend de Apache Kerby anterior a 2.0.3.", }, ], id: "CVE-2023-25613", lastModified: "2024-11-21T07:49:49.847", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-20T16:15:10.677", references: [ { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "security@apache.org", type: "Primary", }, ], }