The FusionDirectory security team investigates all reports of security vulnerabilities affecting FusionDirectory, and releases these documents as part of the ongoing effort to help you manage security risks and help keep your systems protected.
| FSA number | CVE NUMBER | Version | EXplanation | ISSUES |
|---|---|---|---|---|
| FSA-0012 | 1.0.20 | User can lock their own account | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5397 | |
| FSA-0011 | 1.0.18 | User with role “editownpwd” or “editowninfo” must not be able to lock other accounts | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5252 | |
| FSA-0010 | 1.0.18 | Incorrect data published to fdPrivateMail via the web service deletes the existing data. | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5292 | |
| FSA-0009 | 1.0.14 | Triggers can lead to the execution of arbitrary code in the shell | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/4875 | |
| FSA-0008 | 1.0.13 | Fusiondirectory shows ldap password in clear text during connection error | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/4764 | |
| FSA-0007 | 1.0.9.3 | Locked users can continue to log in with their ssh keys | https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/4385 https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/4473 | |
| FSA-0006 | CVE-2014-9760 | 1.0.8.2 | XSS injection possible in the login screen | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/3316 |
| FSA-0005 | 1.0.8.1 | We can connect with an expired account if we are able to modify the connection url | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/3263 | |
| FSA-0004 | 1.0.8.1 | The password is not hidden when using the post modification trigger and it produces an error | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/3227 | |
| FSA-0003 | 1.0.8 | The password change trigger continues to execute when there is an error if you are logged in as fd-admin | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/3072 | |
| FSA-0002 | 1.0.8 | FusionDirectory should not execute code from the shell | https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/2784 | |
| FSA-0001 | 1.0.5 | The class that manages the lists does not exclude the html code inserted | https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/2140 https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/2062 |