Vulnerabilities > Freeipa > Freeipa > 4.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-10 | CVE-2023-5455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. | 6.5 |
2020-04-27 | CVE-2020-1722 | Resource Exhaustion vulnerability in multiple products A flaw was found in all ipa versions 4.x.x through 4.8.0. | 5.3 |
2019-11-27 | CVE-2019-14867 | Resource Exhaustion vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. | 8.8 |
2019-11-27 | CVE-2019-10195 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. | 6.5 |
2019-09-17 | CVE-2019-14826 | Insufficient Session Expiration vulnerability in multiple products A flaw was found in FreeIPA versions 4.5.0 and later. | 2.1 |
2018-01-10 | CVE-2017-12169 | Information Exposure vulnerability in Freeipa It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. | 4.0 |
2017-09-28 | CVE-2017-11191 | Session Fixation vulnerability in Freeipa FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. | 8.8 |