CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2023-5455 – Ipa: invalid csrf protection
https://notcve.org/view.php?id=CVE-2023-5455
10 Jan 2024 — A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing alrea... • https://access.redhat.com/errata/RHSA-2024:0137 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5284
https://notcve.org/view.php?id=CVE-2015-5284
21 Sep 2017 — ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. ipa-kra-install en FreeIPA en versiones anteriores a la 4.2.2 coloca el certificado de agente CA y la clave privada en /etc/httpd/alias/kra-agent.pem, que puede leer todo el mundo. • https://bugzilla.redhat.com/attachment.cgi?id=1075511 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-5179
https://notcve.org/view.php?id=CVE-2015-5179
20 Sep 2017 — FreeIPA might display user data improperly via vectors involving non-printable characters. FreeIPA podría mostrar de forma incorrecta datos de usuario mediante vectores que incluyen caracteres que no se pueden imprimir. • https://bugzilla.redhat.com/show_bug.cgi?id=1252567 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2017-2590 – ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands
https://notcve.org/view.php?id=CVE-2017-2590
03 Mar 2017 — A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. Se ha encontrado una vulnerabilidad en ipa en versiones anteriores a la 4.4. Los comandos ca-del, ca-disable, y ca-enable de IdM no co... • http://rhn.redhat.com/errata/RHSA-2017-0388.html • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2015-1827 – ipa: memory corruption when using get_user_grouplist()
https://notcve.org/view.php?id=CVE-2015-1827
26 Mar 2015 — The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. La función get_user_grouplist en el plug-in extdom en FreeIPA en versiones anteriores a 4.1.4 no reasigna memoria correctamente cuando procesa las cuentas de usuarios, lo que permite a atacantes remotos causar denegación d... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html • CWE-19: Data Processing Errors CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2013-0336
https://notcve.org/view.php?id=CVE-2013-0336
03 Nov 2014 — The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. La función ipapwd_chpwop en daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c en el servidor del directorio (dirsrv) en FreeIPA anterior a 3.2.0 permite a atacantes remotos causar una denegación de servicio (caída) a ... • http://secunia.com/advisories/52763 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0199
https://notcve.org/view.php?id=CVE-2013-0199
29 May 2014 — The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors. Las instrucciones de control de acceso LDAP por defecto en FreeIPA 3.0 anterior a 3.1.2 no restringen acceso a los atributos (1) ipaNTTrustAuthIncoming y (2) ipaNTTrustAuthOutgoing, lo que permite a atacantes remotos obtener la clave Cross-Realm Kerberos Trust a ... • http://osvdb.org/89539 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 11EXPL: 0CVE-2012-5484 – ipa: weakness when initiating join from IPA client can potentially compromise IPA domain
https://notcve.org/view.php?id=CVE-2012-5484
27 Jan 2013 — The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. El cliente FreeIPA v2.x y v3.x anterior a v3.1.2 no obtiene de forma adecuada el certificado Certification Authority (CA) del servidor, lo que permite ataques man-in-the-middle para falsear el procedimiento de conexión a través de un certificado manipulado. • http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f • CWE-310: Cryptographic Issues •