Security Advisory

CVE-2020-8086

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-28 16:15:37

Last updated 2024-08-04 09:48:25

Assigner mitre

State PUBLISHED

Description

The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.

← Browse all CVEs View on cve.org ↗