CPE-C0D5388A-3DDB-41E8-A416-EC4504C14450 Detail

CPE Details

FreeIPA 4.3.3

Vendor

freeipa

Product

freeipa

Version

4.3.3

Created

2017-10-12
15h39 +00:00

Modified

2017-10-12
15h39 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:freeipa:freeipa:4.3.3:::::::*

Informations

Vendor

freeipa

Product

freeipa

Version

4.3.3

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-5455	2024-01-10 12h33 +00:00	A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.	6.5	Medium
CVE-2020-1722	2020-04-27 18h46 +00:00	A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.	5.3	Medium
CVE-2017-2590	2018-07-27 16h00 +00:00	A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.	8.1	High
CVE-2017-12169	2018-01-10 15h00 +00:00	It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.	7.5	High
CVE-2017-11191	2017-09-27 17h00 +00:00	FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern	8.8	High
CVE-2015-5179	2017-09-20 14h00 +00:00	FreeIPA might display user data improperly via vectors involving non-printable characters.	7.5	High

FreeIPA 4.3.3

CPE Details

CPE Name: cpe:2.3:a:freeipa:freeipa:4.3.3:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:freeipa:freeipa:4.3.3:::::::*