GCVE - cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Fedoraproject (`edb280c5-6017-5a8b-8553-28ce724531a7`)
Product	389 Directory Server (`5f622488-f9e9-5459-b9af-dd22a2fc0b8a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/389-ds-base`	purl2cpe	2026-06-01 10:15:30.851204
`pkg:deb/ubuntu/389-ds-base`	purl2cpe	2026-06-01 10:15:30.851207
`pkg:github/389ds/389-ds-base`	purl2cpe	2026-06-01 10:15:30.851210
`pkg:gitlab/redhat/389-ds-base`	purl2cpe	2026-06-01 10:15:30.851213
`pkg:port389/389ds`	purl2cpe	2026-06-01 10:15:30.851215
`pkg:rpm/fedora/389-ds-base`	purl2cpe	2026-06-01 10:15:30.851218
`pkg:rpm/opensuse/389-ds-base`	purl2cpe	2026-06-01 10:15:30.851221

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-14824`	vulnerable	2026-06-03 14:39:46.616251	Details available MEDIUM (6.5) A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. Published: 2019-11-08T14:45:46.000Z Updated: 2025-02-13T16:27:22.527Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2019:3981 https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html https://access.redhat.com/errata/RHSA-2020:0464 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2219`	vulnerable	2026-06-03 14:32:59.904941	Details available The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. Published: 2013-07-31T10:00:00.000Z Updated: 2024-08-06T15:27:41.088Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-1119.html https://bugzilla.redhat.com/show_bug.cgi?id=979508 http://rhn.redhat.com/errata/RHSA-2013-1116.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.