Known Vulnerabilities for products from Freeipa

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Freeipa".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-5455 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.1 - HIGH 2024-01-10 2024-01-26
CVE-2020-1722 json A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the ... 5.3 - MEDIUM 2020-04-27 2023-02-12
CVE-2019-14867 json A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3... 8.8 - HIGH 2019-11-27 2023-11-07
CVE-2019-14826 json A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker co... 4.4 - MEDIUM 2019-09-17 2019-10-09
CVE-2019-10195 json A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3... 6.5 - MEDIUM 2019-11-27 2023-11-07
CVE-2017-12169 json It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permi... 7.5 - HIGH 2018-01-10 2018-04-17
CVE-2017-11191 json ** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking rest... 8.8 - HIGH 2017-09-28 2023-11-07
CVE-2017-2590 json A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user... 8.1 - HIGH 2018-07-27 2019-10-09
CVE-2016-9575 json Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying c... 6.3 - MEDIUM 2018-03-13 2019-10-09
CVE-2016-7030 json FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remot... 7.5 - HIGH 2017-08-28 2018-01-05
CVE-2016-5414 json FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. 7.5 - HIGH 2017-06-27 2017-07-05
CVE-2016-5404 json The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated ... 6.5 - MEDIUM 2016-09-07 2023-02-12
CVE-2015-5284 json ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, whic... 9.8 - CRITICAL 2017-09-21 2017-10-04
CVE-2015-5179 json FreeIPA might display user data improperly via vectors involving non-printable characters. 7.5 - HIGH 2017-09-20 2017-10-03
CVE-2015-1827 json The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when proces... 5 - MEDIUM 2015-03-30 2023-02-12
CVE-2014-7850 json Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrar... 4.3 - MEDIUM 2014-11-28 2015-02-17
CVE-2014-7828 json FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requir... 3.5 - LOW 2014-11-19 2017-09-08
CVE-2012-5631 json ipa 3.0 does not properly check server identity before sending credential containing cookies 8.8 - HIGH 2019-11-25 2019-12-09

Known software with vulnerabilities from Freeipa

Type Vendor Product Version
ApplicationFreeipaFreeipa-