Information Exposure Affecting org.apache.directory.studio:org.apache.directory.studio.connection.core package, versions [0,2.0.0.v20210717-M17)
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Threat Intelligence
EPSS
0.06% (23rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEDIRECTORYSTUDIO-1537982
- published 10 Aug 2021
- disclosed 9 Aug 2021
- credit Unknown
Introduced: 9 Aug 2021
CVE-2021-33900 Open this link in a new tabHow to fix?
Upgrade org.apache.directory.studio:org.apache.directory.studio.connection.core
to version 2.0.0.v20210717-M17 or higher.
Overview
Affected versions of this package are vulnerable to Information Exposure. Missing encryption in Apache Directory Studio. While investigating it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5
, GSSAPI
) was used. Additionally it was noticed that any configured SASL confidentiality layer was not applied.