Vulnerabilities > Freeipa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-5455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. | 6.5 |
| 2020-04-27 | CVE-2020-1722 | Resource Exhaustion vulnerability in multiple products A flaw was found in all ipa versions 4.x.x through 4.8.0. | 5.3 |
| 2019-11-27 | CVE-2019-10195 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. | 6.5 |
| 2019-11-25 | CVE-2012-5631 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Freeipa 3.0.0 ipa 3.0 does not properly check server identity before sending credential containing cookies | 6.8 |
| 2018-07-27 | CVE-2017-2590 | Permission Issues vulnerability in multiple products A vulnerability was found in ipa before 4.4. | 5.5 |
| 2018-03-13 | CVE-2016-9575 | Improper Authorization vulnerability in Freeipa Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. | 6.5 |
| 2018-01-10 | CVE-2017-12169 | Information Exposure vulnerability in Freeipa It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. | 4.0 |
| 2017-09-21 | CVE-2015-5284 | Information Exposure vulnerability in Freeipa ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | 5.0 |
| 2017-09-20 | CVE-2015-5179 | Improper Input Validation vulnerability in Freeipa FreeIPA might display user data improperly via vectors involving non-printable characters. | 5.0 |
| 2017-08-28 | CVE-2016-7030 | Credentials Management vulnerability in Freeipa 4.6.0 FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. | 5.0 |