Source: inspircd
Version: 4.7.0+ds1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi

>From https://docs.inspircd.org/security/2026-01/
| The LDAP modules before v4.11.0 do not escape user-provided values
| before using them in LDAP search filters. This vulnerability can be
| used to access an LDAP-restricted server (if ldapauth is used) or
| gain access to a LDAP-restricted operator account (if ldapoper is
| used) without knowing the correct username if the password of any
| user is known.

Fixes via
https://github.com/inspircd/inspircd/commit/b7e5357b144c2e20c72431e22f0f2b13e5be82ce
and
https://github.com/inspircd/inspircd/commit/6319ae4fb8c10dabc9464ad49faec532096fbcb5
.

Regards,
Salvatore

Reply via email to