Back to bug 2215465
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-06-16 06:09:26 UTC | CC | aazores, abenaiss, aileenc, alampare, alazarot, almacdon, asoldano, ataylor, bbaranow, bbuckingham, bcourt, bmaxwell, boliveir, brian.stansberry, cdewolf, darran.lofthouse, dhanak, dhughes, dosoudil, drichtar, eaguilar, ebaron, eglynn, ehelms, ellin, emingora, eric.wittmann, fjuma, fmongiar, gjospin, gmalinko, gzaronik, hbraun, ibek, ivassile, iweiss, janstey, jcantril, jjoyce, jkang, jnethert, jpallich, jpavlik, jpechane, jpoth, jrokos, jross, jscholz, jsherril, jvanek, kverlaen, lbacciot, lgao, lhh, lpeer, lzap, mburns, mgarciac, mhulan, michal.skrivanek, mizdebsk, mkolesni, mnovotny, mosmerov, mperina, msochure, mstefank, msvehla, myarboro, nmoumoul, nwallace, orabin, pantinor, pcreech, pdelbell, pdrozd, periklis, pgrist, pmackay, pskopek, rchan, rguimara, rjohnson, rkieley, rowaters, rstancel, sbonazzo, scohen, scorneli, sfroberg, shbose, smaestri, sthorger, swoodman, tcunning, tom.jenkinson, yfang | |
| Sandipan Roy | 2023-06-16 06:13:47 UTC | CC | abenaiss, bbuckingham, bcourt, dhughes, eglynn, ehelms, ellin, jjoyce, jsherril, lhh, lpeer, lzap, mburns, mgarciac, mhulan, michal.skrivanek, mkolesni, mperina, myarboro, nmoumoul, orabin, pcreech, pgrist, rchan, sbonazzo, scohen, scorneli, shbose | |
| Sandipan Roy | 2023-06-16 06:17:30 UTC | Blocks | 2215467 | |
| Patrick Del Bello | 2023-06-16 21:06:31 UTC | Fixed In Version | BouncyCastle 1.74 | |
| Patrick Del Bello | 2023-06-16 21:06:31 UTC | Doc Text | A flaw was found in Bouncy Castle 1.73. This flaw targets the fix of LDAP wild cards, meaning the presence of a wild card may lead to Information Disclosure as before the fix there was no validation for X.500 name of any certificate, subject, or issuer. A malicious user could use that to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory, as well as what kind of errors are exposed to the user. | |
| Chess Hazlett | 2023-06-29 15:48:21 UTC | Alias | TRIAGE-CVE-2023-33201 | CVE-2023-33201 |
| Chess Hazlett | 2023-06-29 15:49:07 UTC | Summary | TRIAGE-CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate | CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate |
| Paige Jung | 2023-06-29 16:00:19 UTC | Doc Text | A flaw was found in Bouncy Castle 1.73. This flaw targets the fix of LDAP wild cards, meaning the presence of a wild card may lead to Information Disclosure as before the fix there was no validation for X.500 name of any certificate, subject, or issuer. A malicious user could use that to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory, as well as what kind of errors are exposed to the user. | A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user. |
| errata-xmlrpc | 2023-06-29 20:08:46 UTC | Link ID | Red Hat Product Errata RHSA-2023:3954 | |
| Product Security DevOps Team | 2023-06-30 00:17:45 UTC | Resolution | --- | ERRATA |
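| Product Security DevOps Team | 2023-06-30 00:17:45 UTC | Status | NEW | CLOSED |
| Product Security DevOps Team | 2023-06-30 00:17:45 UTC | Last Closed | 2023-06-30 00:17:45 UTC | |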