Date: Thu, 17 Dec 2020 21:09:37 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r558329 - head/security/vuxml Message-ID: <202012172109.0BHL9b6Q025403@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Thu Dec 17 21:09:37 2020 New Revision: 558329 URL: https://svnweb.freebsd.org/changeset/ports/558329 Log: Document vault issue Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Dec 17 21:03:15 2020 (r558328) +++ head/security/vuxml/vuln.xml Thu Dec 17 21:09:37 2020 (r558329) @@ -58,6 +58,33 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cc1fd3da-b8fd-4f4d-a092-c38541c0f993"> + <topic>vault -- User Enumeration via LDAP auth</topic> + <affects> + <package> + <name>vault</name> + <range><lt>1.6.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Vault developers report:</p> + <blockquote cite="https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984"> + <p>Vault allowed enumeration of users via the LDAP auth method. This vulnerability, was fixed in Vault 1.6.1 and 1.5.6.</p> + <p>An external party reported that they were able to enumerate LDAP users via error messages returned by Vault’s LDAP auth method</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2020-35177</cvename> + <url>https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984</url> + </references> + <dates> + <discovery>2020-12-16</discovery> + <entry>2020-12-17</entry> + </dates> + </vuln> + <vuln vid="85349584-3ba4-11eb-919d-08002728f74c"> <topic>jasper -- heap overflow vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012172109.0BHL9b6Q025403>