WS-2021-0159
Date: June 23, 2021
In Authelia, versions v3.3.0 to 3.5.0 are vulnerable to LDAP injection as a result of failing to properly sanitize user input. LDAP statements can be modified through techniques similar to SQL injection. LDAP injection could result in the granting of permissions to unauthorized queries and in content modification inside the LDAP tree.
Language: Go
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE-90
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |
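The weakness described above (user input placed unsanitized into an LDAP search filter) is illustrated by the following added example, which is not Authelia's code. The filter template and the function names `escapeFilterValue`, `unsafeUserFilter` and `safeUserFilter` are hypothetical; the escaping follows RFC 4515.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue escapes the characters RFC 4515 reserves inside an
// LDAP search-filter assertion value, so input stays a literal value.
func escapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; c {
		case '\\', '*', '(', ')', 0:
			// Each reserved byte becomes a backslash plus two hex digits.
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// unsafeUserFilter concatenates input directly into the filter
// (the vulnerable pattern: input can add or close filter components).
func unsafeUserFilter(username string) string {
	return "(&(objectClass=person)(uid=" + username + "))"
}

// safeUserFilter escapes the input before building the filter.
// The filter template is an assumption made for this example.
func safeUserFilter(username string) string {
	return "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))"
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	for _, u := range []string{"alice", "al*", "a)(uid=*"} {
		fmt.Printf("input  %q\n unsafe %s\n safe   %s\n",
			u, unsafeUserFilter(u), safeUserFilter(u))
	}
}
```

In production code, prefer the LDAP client library's own escaping helper (for go-ldap, `ldap.EscapeFilter`) over a hand-written one.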