CVE-2021-3309

CVE-2021-3309

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,

Summary:

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,

Reference Links(if available):

https://github.com/wekan/wekan/pull/3483/commits/31f89121fecca5a761b05cc3a26d4f237e90b484

https://github.com/wekan/wekan/issues/3482

https://github.com/wekan/wekan/releases/tag/v4.87

CVSS Score (if available)

v2: / MEDIUM

v3: /

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

Ransomware Groups Exploit Cloud Services for Data Exfiltration and Attacks

Zero-Day Vulnerability Discovered by watchTowr in Fortinet Products

O2’s Innovative AI Granny Tackles Scam Callers with Engaging Tales

Palo Alto Networks Zero-Day Vulnerability Actively Exploited: A Critical Security Advisory

Bitfinex Hacker Ilya Lichtenstein Sentenced to Five Years for $4.5 Billion Crypto Heist

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

Ransomware Groups Exploit Cloud Services for Data Exfiltration and Attacks

Zero-Day Vulnerability Discovered by watchTowr in Fortinet Products

O2’s Innovative AI Granny Tackles Scam Callers with Engaging Tales

Palo Alto Networks Zero-Day Vulnerability Actively Exploited: A Critical Security Advisory

Bitfinex Hacker Ilya Lichtenstein Sentenced to Five Years for $4.5 Billion Crypto Heist