Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #24149: Indirect LDAP injection via the ldap_id attribute of a user

Download Browse

A taint annotation has been added to hightlight the issue. A more global work on this topic will be done in independant contributions. Change-Id: I969d0ba6d2ff85b418bcaf728f49afc78dd49571

+2 −1
Thomas Gerbet (tgerbet) 2021-11-17 15:57
Thomas Gerbet (tgerbet) 2021-11-17 16:46
bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c
c30d68c68c8fdf020cb75efeb806fea417b03c6f
git #tuleap/stable/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c

Modified Files

Side by side diff
Inline diff
Name
M plugins/ldap/include/LDAP_DirectorySynchronization.class.php +1 −1 Go to diff View file
M src/common/DB/Compat/Legacy2018/LegacyDataAccessInterface.php +1 −0 Go to diff View file