CVE-2020-35518 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
A security issue was found in 389-ds-base starting from version 1.4.2.3. When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. The issue is fixed in versions 1.4.4.10 and 2.0.2.
Group Package Affected Fixed Severity Status Ticket
AVG-1482 389-ds-base 1.4.4.4-5 2.0.2-1 Medium Fixed
References
https://bugzilla.redhat.com/show_bug.cgi?id=1905565
https://github.com/389ds/389-ds-base/issues/4480
https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3