Information Exposure Affecting org.apache.directory.studio:org.apache.directory.studio.connection.core package, versions [0,2.0.0.v20210717-M17)
Do your applications use this vulnerable package?
10 Aug 2021
9 Aug 2021
How to fix?
org.apache.directory.studio:org.apache.directory.studio.connection.core to version 2.0.0.v20210717-M17 or higher.
Affected versions of this package are vulnerable to Information Exposure. Missing encryption in Apache Directory Studio. While investigating it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (
GSSAPI) was used. Additionally it was noticed that any configured SASL confidentiality layer was not applied.