Vulnerabilities > CVE-2019-14826 - Insufficient Session Expiration vulnerability in multiple products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

freeipa

redhat

CWE-613

NVD

Published: 2019-09-17

Updated: 2019-10-09

Summary

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Vulnerable Configurations

Part	Description	Count
Application	Freeipa Freeipa Freeipa 4.5.0 Freeipa Freeipa 4.5.1 Freeipa Freeipa 4.5.2 Freeipa Freeipa 4.5.3 Freeipa Freeipa 4.5.4 Freeipa Freeipa 4.6.0 Freeipa Freeipa 4.6.1 Freeipa Freeipa 4.6.2 Freeipa Freeipa 4.6.3 Freeipa Freeipa 4.6.4 Freeipa Freeipa 4.6.5 Freeipa Freeipa 4.6.6 Freeipa Freeipa 4.6.7 Freeipa Freeipa 4.6.90 Freeipa Freeipa 4.7.0 Freeipa Freeipa 4.7.1 Freeipa Freeipa 4.7.2 Freeipa Freeipa 4.7.3 Freeipa Freeipa 4.7.4 Freeipa Freeipa 4.7.90 Freeipa Freeipa 4.8.0 Freeipa Freeipa 4.8.1 Freeipa Freeipa 4.8.2 Freeipa Freeipa 4.8.3	25
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0	2

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826