CVE-2018-5730

LOW Year: 2018
CVSS v3 Score
3.8
Low
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-90
View all →

Vulnerability Description

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

Related Vulnerabilities

CVE-2021-32651

MEDIUM
CVSS:4.3(Medium)

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged...

CWE-902021

CVE-2025-27686

LOW
CVSS:2.7(Low)

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Inject...

CWE-902025

CVE-2022-45910

MEDIUM
CVSS:5.3(Medium)

Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an...

CWE-902022

CVE-2011-4069

CRITICAL
CVSS:9.8(Critical)

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

CWE-902011

CVE-2015-10027

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulatio...

CWE-902015

CVE-2016-9299

CRITICAL
CVSS:9.8(Critical)

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party s...

CWE-902016