0.001 Low
EPSS
Percentile
45.0%
389-ds-base is vulnerable to information disclosure. The vulnerability exist because the reply from 389-ds-base is different depending on whether the DN exist or not, thus an attacker is able to check the existence of an entry in the LDAP database.
bugzilla.redhat.com/show_bug.cgi?id=1905565
github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
github.com/389ds/389-ds-base/issues/4480
security-tracker.debian.org/tracker/CVE-2020-35518