Vulnerabilities > Freeipa > Freeipa > 4.8.5

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-5455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
network
low complexity
freeipa fedoraproject redhat CWE-352
6.5
6.5
2019-09-17 CVE-2019-14826 Insufficient Session Expiration vulnerability in multiple products
A flaw was found in FreeIPA versions 4.5.0 and later.
local
low complexity
freeipa redhat CWE-613
4.4
4.4
2018-01-10 CVE-2017-12169 Information Exposure vulnerability in Freeipa
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission.
network
low complexity
freeipa CWE-200
7.5
7.5
2017-09-20 CVE-2015-5179 Improper Input Validation vulnerability in Freeipa
FreeIPA might display user data improperly via vectors involving non-printable characters.
network
low complexity
freeipa CWE-20
7.5
7.5