redhat-ds-base is vulnerable to information disclosure attacks. The vulnerability exists as the Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.