First published: Fri Jun 28 2013
A flaw was found in how Red Hat Directory Server and the 389 Directory Server would handle access controls to certain attributes of an entry. A user with access to the Directory Server could use a series of searches to guess the values of other attributes that they should not be able to see. If a user had access (authenticated or anonymous, depending on whether or not the Directory Server allows anonymous access), they could use this to obtain information that should be restricted due to access controls.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat 389 Directory Server | | |
Red Hat Directory Server | <=8.2 | |
Red Hat Directory Server | =7.1 | |
Red Hat Directory Server | =8.0 | |
Red Hat Directory Server | =8.1 | |
CVE-2013-2219 has a medium severity rating due to its potential for information disclosure.
To fix CVE-2013-2219, you should update to the latest version of Red Hat Directory Server or 389 Directory Server that contains the appropriate patches.
CVE-2013-2219 affects Red Hat Directory Server versions up to 8.2, as well as versions 7.1 and 8.0.
Yes, CVE-2013-2219 can potentially lead to data leakage by allowing an unauthorized user to infer values of hidden attributes.
CVE-2013-2219 is an access control vulnerability related to improper handling of attribute visibility in the directory server.