Tuesday, 12 April 2022

Nginx ldap-auth Remote Code Execution Vulnerability

Release Date: 12 Apr 2022

RISK: Medium Risk

TYPE: Servers - Web Servers

A vulnerability was identified in Nginx ldap-auth. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • Nginx with ldap‑auth daemon
  • Nginx Plus with ldap‑auth daemon

Note: Deployments of the LDAP reference implementation are affected by the vulnerability if any of the following conditions apply.

  1. Command-line parameters are used to configure the Python daemon
  2. There are unused, optional configuration parameters
  3. LDAP authentication depends on specific group membership

Solutions

Nginx has suggested mitigation options to protect customers.
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/


Vulnerability Identifier

Note: No CVE information is available for this vulnerability

