Known Vulnerabilities for products from Freeipa

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Freeipa".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-14612 json Not Provided 2026-07-03 2026-07-07
CVE-2026-11774 json Not Provided 2026-06-11 2026-07-09
CVE-2026-11610 json Not Provided 2026-07-07 2026-07-08
CVE-2025-4404 json Not Provided 2025-06-17 2026-06-30
CVE-2023-5455 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.1 - HIGH 2024-01-10 2024-01-26
CVE-2020-1722 json A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the ... 5.3 - MEDIUM 2020-04-27 2023-02-12
CVE-2019-14867 json A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3... 8.8 - HIGH 2019-11-27 2023-11-07
CVE-2019-14826 json A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker co... 4.4 - MEDIUM 2019-09-17 2019-10-09
CVE-2019-10195 json A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3... 6.5 - MEDIUM 2019-11-27 2023-11-07
CVE-2017-12169 json It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permi... 7.5 - HIGH 2018-01-10 2018-04-17
CVE-2017-11191 json ** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking rest... 8.8 - HIGH 2017-09-28 2023-11-07
CVE-2017-2590 json A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user... 8.1 - HIGH 2018-07-27 2019-10-09
CVE-2016-9575 json Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying c... 6.3 - MEDIUM 2018-03-13 2019-10-09
CVE-2016-7030 json FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remot... 7.5 - HIGH 2017-08-28 2018-01-05
CVE-2016-5414 json FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. Not Provided 2017-06-27 2025-04-20
CVE-2016-5404 json The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated ... Not Provided 2016-09-07 2026-05-06
CVE-2015-5284 json ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, whic... 9.8 - CRITICAL 2017-09-21 2017-10-04
CVE-2015-5179 json FreeIPA might display user data improperly via vectors involving non-printable characters. 7.5 - HIGH 2017-09-20 2017-10-03
CVE-2015-1827 json The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when proces... Not Provided 2015-03-30 2026-05-06
CVE-2014-7850 json Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrar... Not Provided 2014-11-28 2026-05-06

Known software with vulnerabilities from Freeipa

Type Vendor Product Version
ApplicationFreeipaFreeipa-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report