CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-26542

CVSS 9.8v3.1pub. 2020-11-09upd. 2024-11-21

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Percona Server

    APP
    Percona
    ≤ 2020-10-02
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-12301CRITICAL9.8ten sam produkt

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset...

CVE-2016-6662CRITICAL9.8ten sam produkt

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x bef...

CVE-2022-34968HIGH7.5ten sam produkt

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial ...

CVE-2021-27928HIGH7.2ten sam produkt

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before ...

CVE-2016-6663HIGH7.0ten sam produkt

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; ...