A flaw was found in FreeIPA. This issue may allow a remote malicious user to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
Debian Bug report logs -
#1065106
freeipa: CVE-2024-1481
Package:
src:freeipa;
Maintainer for src:freeipa is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 29 Feb 2024 21:03:01 UTC
Severity: important
Tags: security, upstream
Found in ...
A flaw was found in FreeIPA This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service (CVE-2024-1481) ...
Description<!---->A flaw was found in FreeIPA This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of serviceA flaw was found in FreeIPA This issue may allow a remote attacker to craft a HTTP request with parameters t ...