CVE-2023-29050

CRITICAL Year: 2023
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-90
View all →

Vulnerability Description

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.

Related Vulnerabilities

CVE-2011-4069

CRITICAL
CVSS:9.8(Critical)

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

CWE-902011

CVE-2015-10027

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulatio...

CWE-902015

CVE-2016-9299

CRITICAL
CVSS:9.8(Critical)

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party s...

CWE-902016

CVE-2017-14596

CRITICAL
CVSS:9.8(Critical)

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

CWE-902017

CVE-2017-8790

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

CWE-902017

CVE-2021-43350

CRITICAL
CVSS:9.8(Critical)

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LD...

CWE-902021