Home > Vulnerability Database > CVE-2019-10224

Mend.io Vulnerability Database

CVE-2019-10224

Date: November 24, 2019

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Language: Python

Severity Score

4.6

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10224

Url: https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html

Url: https://access.redhat.com/security/cve/CVE-2019-10224

Url: https://security-tracker.debian.org/tracker/CVE-2019-10224

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10224

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224

Url: https://pagure.io/389-ds-base/issue/50251

Url: https://www.mend.io/vulnerability-database/CVE-2019-10224

Severity Score

4.6

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insufficiently Protected Credentials

CWE-522

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10224

Date: November 24, 2019

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?