You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It may be possible to use LDAP filter injection to retrieve data beyond the configured application restrictions. The application does not properly escape ldap search terms when using advanced search on peoplesearch or helpdesk modules. The ability to exploit this issue depends on advanced search being enabled (it is off by default) and the LDAP directory security model and PWM configuration used.
Thanks to Yassine Bengana & Maxime Escourbiac from Michelin CERT Team for discovery and responsible disclosure of this issue.
The text was updated successfully, but these errors were encountered:
It may be possible to use LDAP filter injection to retrieve data beyond the configured application restrictions. The application does not properly escape ldap search terms when using advanced search on peoplesearch or helpdesk modules. The ability to exploit this issue depends on advanced search being enabled (it is off by default) and the LDAP directory security model and PWM configuration used.
Thanks to Yassine Bengana & Maxime Escourbiac from Michelin CERT Team for discovery and responsible disclosure of this issue.
The text was updated successfully, but these errors were encountered: