CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-26542

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile7.95th
Published2020年11月9日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.

Affected Platforms (CPE)

📦
Percona

Percona Server

<= 2020-10-02

References & Advisories

🔗 https://jira.percona.com/browse/PS-7358
🔗 https://jira.percona.com/browse/PSMDB-726
🔗 https://www.percona.com/blog/2020/10/13/percona-distribution-for-mysql-pxc-variant-8-0-20-fixes-for-security-vulnerability-release-roundup-october-13-2020/
🔗 https://www.percona.com/doc/percona-distribution-mysql/8.0/release-notes-pxc-v8.0.20.upd2.html
🔗 https://jira.percona.com/browse/PS-7358
🔗 https://jira.percona.com/browse/PSMDB-726
🔗 https://www.percona.com/blog/2020/10/13/percona-distribution-for-mysql-pxc-variant-8-0-20-fixes-for-security-vulnerability-release-roundup-october-13-2020/
🔗 https://www.percona.com/doc/percona-distribution-mysql/8.0/release-notes-pxc-v8.0.20.upd2.html

相關漏洞威脅

CVE-2016-66629.8

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10....

CVE-2019-123019.8

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password t...

CVE-2020-79207.5

pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.

CVE-2021-279287.2

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 be...