Impact: Low
Public Date: 2019-09-17
CWE: CWE-613
Bugzilla: 1746944: CVE-2019-14826 ipa: Session not terminated after logout

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker who obtains previously valid session cookies could use them to gain access to the session.

Find out more about CVE-2019-14826 from the MITRE CVE dictionary and NIST NVD.
Red Hat Enterprise Linux 7:
This vulnerability is currently targeted to be addressed in an upcoming release.
Red Hat Enterprise Linux 8:
This vulnerability is currently targeted to be addressed in an upcoming release.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 5.6 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | High |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | None |

Platform | Package | State |
---|---|---|
Red Hat Virtualization 4 | redhat-virtualization-host | Not affected |
Red Hat Enterprise Linux 8 | idm:client/ipa | Not affected |
Red Hat Enterprise Linux 8 | idm:DL1/ipa | Affected |
Red Hat Enterprise Linux 7 | ipa | Affected |
Red Hat Enterprise Linux 6 | ipa | Not affected |