Source: inspircd Version: 4.7.0+ds1-2 Severity: grave Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi >From https://docs.inspircd.org/security/2026-01/ | The LDAP modules before v4.11.0 do not escape user-provided values | before using them in LDAP search filters. This vulnerability can be | used to access an LDAP-restricted server (if ldapauth is used) or | gain access to a LDAP-restricted operator account (if ldapoper is | used) without knowing the correct username if the password of any | user is known. Fixes via https://github.com/inspircd/inspircd/commit/b7e5357b144c2e20c72431e22f0f2b13e5be82ce and https://github.com/inspircd/inspircd/commit/6319ae4fb8c10dabc9464ad49faec532096fbcb5 . Regards, Salvatore

