Vulnerabilities > Freeipa > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-5455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
network
low complexity
freeipa fedoraproject redhat CWE-352
6.5
2020-04-27 CVE-2020-1722 Resource Exhaustion vulnerability in multiple products
A flaw was found in all ipa versions 4.x.x through 4.8.0.
network
high complexity
freeipa redhat CWE-400
5.3
2019-11-27 CVE-2019-10195 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations.
network
low complexity
freeipa fedoraproject CWE-532
6.5
2019-09-17 CVE-2019-14826 Insufficient Session Expiration vulnerability in multiple products
A flaw was found in FreeIPA versions 4.5.0 and later.
local
low complexity
freeipa redhat CWE-613
4.4
2018-03-13 CVE-2016-9575 Improper Authorization vulnerability in Freeipa
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command.
network
low complexity
freeipa CWE-285
6.3
2016-09-07 CVE-2016-5404 Improper Access Control vulnerability in multiple products
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
network
low complexity
freeipa oracle fedoraproject CWE-284
6.5