debian · CVE-2019-11187

Quick triage

Priority: not yet assigned Published: Updated: Sun, 12 Jul 2026 00:15:04 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-11187 not yet assigned priority: Debian including 2 source packages (fusiondirectory, gosa), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.

Description:

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

cvelogic Threat Intelligence