Bug ID 1798733: LDAP Authentication Succeeds for Invalid LDAP Group Due to Server-Side Group Change

Last Modified: May 15, 2026

Affected Product(s):
F5OS F5OS-A, F5OS-C, Velos (all modules)

Known Affected Versions:
F5OS-A 1.8.0, F5OS-A 1.8.1, F5OS-A 1.8.2, F5OS-A 1.8.3, F5OS-C 1.8.0, F5OS-C 1.8.1, F5OS-C 1.8.2

Opened: Feb 03, 2025

Severity: 2-Critical

Symptoms

F5OS retrieves the GID value from the LDAP server only at commit time on ConfD. If the GID value later changes on the server side, the client (F5OS) has no way of learning the new GID value. As a result, a user can log in with a different role.

Impact

- A user with a lower-privileged role can be granted an elevated-privilege role (a security concern), and vice versa.

Conditions

- Configure LDAP server configuration
- Enable LDAP authentication
- Configure ldap-group
- Log in as an LDAP user that's mapped with the ldap-group configuration
- Change the GID value on the server side for the user logged in during the step above
- Log in as an LDAP user, and the new GID is not reflected

Workaround

If anything is modified on the server side, recommit the LDAP configuration in the ConfD CLI so that the new information, such as the GID, is reflected on the F5OS system.
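
One way to notice that a recommit is due, as an added example that is not F5 code: it compares a snapshot of the group GIDs recorded at the last commit with the LDAP server's current group entries. The snapshot, the LDIF, the group names, the GIDs and the function names are all constructed for illustration.

```python
# Added example (not F5 code): detect ldap-group GID drift. All data is constructed.

COMMITTED = {"net-admins": 5000, "net-operators": 5001}  # assumed snapshot from last commit

CURRENT_LDIF = """\
dn: cn=net-admins,ou=groups,dc=example,dc=com
cn: net-admins
gidNumber: 5000

dn: cn=net-operators,ou=groups,dc=example,dc=com
cn: net-operators
gidNumber: 5010

dn: cn=net-guests,ou=groups,dc=example,dc=com
cn: net-guests
gidNumber: 5001
"""

def parse_ldif_groups(ldif_text):
    """Return {cn: gidNumber} from plain (non-base64, unfolded) LDIF group entries."""
    groups = {}
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), value.strip())
        if "cn" in attrs and "gidnumber" in attrs:
            groups[attrs["cn"]] = int(attrs["gidnumber"])
    return groups

def find_gid_drift(committed, current):
    """List (group, committed_gid, server_gid, note) for every stale mapping."""
    owner_of = {gid: name for name, gid in current.items()}
    findings = []
    for group, old_gid in sorted(committed.items()):
        new_gid = current.get(group)
        if new_gid == old_gid:
            continue
        note = "group missing on server" if new_gid is None else "GID changed on server"
        # The GID recorded at commit time may now belong to another server group.
        if owner_of.get(old_gid, group) != group:
            note += f"; stale GID now used by {owner_of[old_gid]}"
        findings.append((group, old_gid, new_gid, note))
    return findings

if __name__ == "__main__":
    for finding in find_gid_drift(COMMITTED, parse_ldif_groups(CURRENT_LDIF)):
        print("recommit needed:", finding)
```

Any finding means the committed GID no longer matches the server, which is the condition the workaround addresses.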

Fix Information

None

Behavior Change
