2174262 – (CVE-2023-25613) CVE-2023-25613 kerby-backend: LDAP Injection Vulnerability in Apache Kerby

Bug 2174262 (CVE-2023-25613) - CVE-2023-25613 kerby-backend: LDAP Injection Vulnerability in Apache Kerby

Summary: CVE-2023-25613 kerby-backend: LDAP Injection Vulnerability in Apache Kerby

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-25613
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2171903
TreeView+	depends on / blocked

Reported:	2023-03-01 02:02 UTC by Patrick Del Bello
Modified:	2023-03-01 13:06 UTC (History)
CC List:	40 users (show)
Fixed In Version:	kerby-backend 2.0.3
Clone Of:
Environment:
Last Closed:	2023-03-01 05:46:59 UTC
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2023-03-01 02:02:15 UTC

An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.

https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y

Comment 1 Product Security DevOps Team 2023-03-01 05:46:56 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-25613

Note You need to log in before you can comment on or make changes to this bug.

aileenc
asoldano
ataylor
bbaranow
bmaxwell
boliveir
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dkreling
dosoudil
fjuma
gmalinko
hbraun
ivassile
iweiss
janstey
jpavlik
jpoth
jross
lgao
mokumar
mosmerov
msochure
msvehla
nwallace
pdelbell
pdrozd
peholase
pjindal
pmackay
pskopek
rkieley
rstancel
smaestri
sthorger
tcunning
tom.jenkinson
yfang