An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
Exploitability
AV:NAC:LPR:HUI:NScope
S:UImpact
C:HI:NA:N4.9/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N