Vulnerabilities > CVE-2022-1949 - Authorization Bypass Through User-Controlled Key vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
fedoraproject
CWE-639

Summary

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.

Vulnerable Configurations

Part Description Count
OS
Redhat
206
OS
Fedoraproject
3
Application
Redhat
2