{"id":"MGASA-2022-0239","summary":"Updated 389-ds-base packages fix security vulnerability","details":"An access control bypass vulnerability found in 389-ds-base. That\nmishandling of the filter that would yield incorrect results, but as that\nhas progressed, can be determined that it actually is an access control\nbypass. This may allow any remote unauthenticated user to issue a filter\nthat allows searching for database items they do not have access to,\nincluding but not limited to potentially userPassword hashes and other\nsensitive data. (CVE-2022-1949)\n","modified":"2026-04-16T00:10:15.952084370Z","published":"2022-06-24T20:50:43Z","upstream":["CVE-2022-1949"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0239.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30558"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X5QRVVCIHOYYKUM4VU2IZ3RYGYI66M2M/"}],"affected":[{"package":{"name":"389-ds-base","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/389-ds-base?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0.26-8.5.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0239.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}