Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeipa freeipa vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-10138
A flaw exists in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
Python Novajoin
7.5
CVSSv3
CVE-2017-12169
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security i...
Freeipa Freeipa
8.8
CVSSv3
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exi...
Freeipa Freeipa 4.0.5
Freeipa Freeipa 4.1.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.6.0
Freeipa Freeipa 4.4.0
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.6.1
Freeipa Freeipa 4.5.0
Freeipa Freeipa 4.5.1
Freeipa Freeipa 4.5.2
Freeipa Freeipa 4.5.3
Freeipa Freeipa 4.4.1
Freeipa Freeipa 4.4.2
Freeipa Freeipa 4.4.3
Freeipa Freeipa 4.4.4
Freeipa Freeipa 4.3.3
Freeipa Freeipa 4.3.0
Freeipa Freeipa 4.3.1
9.8
CVSSv3
CVE-2015-5284
ipa-kra-install in FreeIPA prior to 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Freeipa Freeipa
7.5
CVSSv3
CVE-2015-5179
FreeIPA might display user data improperly via vectors involving non-printable characters.
Freeipa Freeipa
NA
CVE-2015-1827
The get_user_grouplist function in the extdom plug-in in FreeIPA prior to 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote malicious users to cause a denial of service (crash) via a group list request for a user that belongs to a large ...
Freeipa Freeipa
Fedoraproject Fedora 22
Fedoraproject Fedora 21
NA
CVE-2014-7850
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x prior to 4.1.2 allows remote malicious users to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.1.1
Freeipa Freeipa 4.0.5
NA
CVE-2014-7828
FreeIPA 4.0.x prior to 4.0.5 and 4.1.x prior to 4.1.1, when 2FA is enabled, allows remote malicious users to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.1.1
NA
CVE-2013-0336
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA prior to 3.2.0 allows remote malicious users to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 d...
Redhat Freeipa 3.1.4
Redhat Freeipa
Redhat Freeipa 3.1.2
Redhat Freeipa 3.1.3
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1
NA
CVE-2013-0199
The default LDAP ACIs in FreeIPA 3.0 prior to 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote malicious users to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »