Impact
It's LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, user can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names.
Patches
A patch has been merged and will be release with version 4.9.
Workarounds
Disabling LDAP should be prevent the issue.
References
More information about LDAP injection:
For more information
If you have any questions or comments about this advisory:
Impact
It's LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, user can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names.
Patches
A patch has been merged and will be release with version 4.9.
Workarounds
Disabling LDAP should be prevent the issue.
References
More information about LDAP injection:
For more information
If you have any questions or comments about this advisory: