{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78632?format=json","vulnerability_id":"VCID-bpw5-xeju-93f3","summary":"RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute","aliases":[{"alias":"CVE-2023-1055"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921464?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584395?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pqe1-ewjj-uqbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/582295?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pqe1-ewjj-uqbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067513?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1072601?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583111?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tdy-umt6-4ubr"},{"vulnerability":"VCID-63rm-mq1r-5fbz"},{"vulnerability":"VCID-6f2q-qatg-kucr"},{"vulnerability":"VCID-77rw-db6h-hya9"},{"vulnerability":"VCID-bpw5-xeju-93f3"},{"vulnerability":"VCID-hjvf-3mm8-xfhq"},{"vulnerability":"VCID-kbvd-dfmn-buat"},{"vulnerability":"VCID-knxk-357y-efhh"},{"vulnerability":"VCID-pqe1-ewjj-uqbn"},{"vulnerability":"VCID-qkca-awn5-hfas"},{"vulnerability":"VCID-qv4g-5kzs-9kfa"},{"vulnerability":"VCID-rffx-mwhe-tqe5"},{"vulnerability":"VCID-vx15-pahy-ufbn"},{"vulnerability":"VCID-x8k9-na1n-8fgj"},{"vulnerability":"VCID-xs3r-chc9-27dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2"},{"url":"http://public2.vulnerablecode.io/api/packages/582291?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63rm-mq1r-5fbz"},{"vulnerability":"VCID-6f2q-qatg-kucr"},{"vulnerability":"VCID-bpw5-xeju-93f3"},{"vulnerability":"VCID-kbvd-dfmn-buat"},{"vulnerability":"VCID-pqe1-ewjj-uqbn"},{"vulnerability":"VCID-xs3r-chc9-27dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582294?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f2q-qatg-kucr"},{"vulnerability":"VCID-bpw5-xeju-93f3"},{"vulnerability":"VCID-kbvd-dfmn-buat"},{"vulnerability":"VCID-pqe1-ewjj-uqbn"},{"vulnerability":"VCID-xs3r-chc9-27dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583112?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f2q-qatg-kucr"},{"vulnerability":"VCID-bpw5-xeju-93f3"},{"vulnerability":"VCID-kbvd-dfmn-buat"},{"vulnerability":"VCID-pqe1-ewjj-uqbn"},{"vulnerability":"VCID-xs3r-chc9-27dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1055.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1055.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1055","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19886","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19584","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19594","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19554","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1967","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1975","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19806","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19761","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19704","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1968","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19682","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19695","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19573","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19536","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19419","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19508","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034891","reference_id":"1034891","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2173517","reference_id":"2173517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2173517"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/","reference_id":"MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:02:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3489","reference_id":"RHSA-2023:3489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4655","reference_id":"RHSA-2023:4655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0","reference_id":"show_bug.cgi?id=2173517#c0","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:02:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0"}],"weaknesses":[{"cwe_id":295,"name":"Improper Certificate Validation","description":"The product does not validate, or incorrectly validates, a certificate."},{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}],"exploits":[],"severity_range_score":"5.5 - 5.5","exploitability":"0.5","weighted_severity":"5.0","risk_score":2.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpw5-xeju-93f3"}