Vulnerabilities > Freeipa > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-2698 Incorrect Authorization vulnerability in Freeipa 4.11.0/4.11.1/4.12.0
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets.
network
low complexity
freeipa CWE-863
8.8
2019-11-27 CVE-2019-14867 Resource Exhaustion vulnerability in multiple products
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed Kerberos key data.
network
low complexity
freeipa fedoraproject CWE-400
8.8
2017-09-28 CVE-2017-11191 Session Fixation vulnerability in Freeipa
FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session.
network
low complexity
freeipa CWE-384
8.8