Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmOHItNHF3bS1yN2pm

Critical EPSS: 0.01172% (0.77508 Percentile) EPSS:
Permalink JSON

Improper Authentication in Apache Traffic Control

Affected Packages Affected Versions Fixed Versions
go:github.com/apache/trafficcontrol >= 3.0.0, <= 3.0.1 3.0.2-RC1
1 Dependent packages
2 Dependent repositories

Affected Version Ranges

All affected versions

All unaffected versions

1.1.3, 5.0.0, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.6, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 7.0.0, 7.0.1

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.

References:

Identifiers

GHSA-3f8r-4qwm-r7jf

CVE-2019-12405

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.01172

EPSS Percentile: 0.77508

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/trafficcontrol

Date and time

Published

about 4 years ago

Updated

almost 2 years ago

API

JSON