Vulnerabilities > Freeipa

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-2698 Incorrect Authorization vulnerability in Freeipa 4.11.0/4.11.1/4.12.0
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets.
network
low complexity
freeipa CWE-863
8.8
2024-01-10 CVE-2023-5455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
network
low complexity
freeipa fedoraproject redhat CWE-352
6.5
2020-04-27 CVE-2020-1722 Resource Exhaustion vulnerability in multiple products
A flaw was found in all ipa versions 4.x.x through 4.8.0.
network
high complexity
freeipa redhat CWE-400
5.3
2019-11-27 CVE-2019-14867 Resource Exhaustion vulnerability in multiple products
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data.
network
low complexity
freeipa fedoraproject CWE-400
8.8
2019-11-27 CVE-2019-10195 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations.
network
low complexity
freeipa fedoraproject CWE-532
6.5
2019-11-25 CVE-2012-5631 Reliance on Cookies without Validation and Integrity Checking vulnerability in Freeipa 3.0.0
ipa 3.0 does not properly check server identity before sending credential containing cookies
network
freeipa CWE-565
6.8
2019-09-17 CVE-2019-14826 Insufficient Session Expiration vulnerability in multiple products
A flaw was found in FreeIPA versions 4.5.0 and later.
local
low complexity
freeipa redhat CWE-613
2.1
2018-07-27 CVE-2017-2590 Permission Issues vulnerability in multiple products
A vulnerability was found in ipa before 4.4.
network
low complexity
freeipa redhat CWE-275
5.5
2018-03-13 CVE-2016-9575 Improper Authorization vulnerability in Freeipa
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command.
network
low complexity
freeipa CWE-285
6.5
2018-01-10 CVE-2017-12169 Information Exposure vulnerability in Freeipa
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission.
network
low complexity
freeipa CWE-200
4.0