CVE-2019-10224

MEDIUM

389-ds-base <1.4.1.3 - Info Disclosure

Title source: llm

Description

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html

[Third Party Advisory] https://pagure.io/389-ds-base/issue/50251

Scores

CVSS v3 4.6

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (1)

fedoraproject/389_directory_server < 1.4.1.3

Timeline

Published Nov 25, 2019

Tracked Since Feb 18, 2026