The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of FreeIPA

FreeIPA: information disclosure via Command Logged Passwords
An attacker can bypass access restrictions to data via Command Logged Passwords of FreeIPA, in order to obtain sensitive information...
CVE-2019-10195, FEDORA-2019-8e9093da55, FEDORA-2019-c64e1612f5, RHSA-2020:0378-01, VIGILANCE-VUL-30985
FreeIPA: privilege escalation via session cookie steling
An attacker can reuse a stolen session cookie for FreeIPA after user logout, in order to get his privileges...
1746944, CVE-2019-14826, VIGILANCE-VUL-30358
FreeIPA: privilege escalation via Authn/TOTP
An attacker can bypass restrictions via Authn/TOTP of FreeIPA, in order to escalate his privileges...
7262, FEDORA-2018-39051f69b7, VIGILANCE-VUL-27098
FreeIPA: information disclosure via Read Stage Users
An attacker can bypass access restrictions to data via Read Stage Users of FreeIPA, in order to obtain sensitive information...
1487697, CVE-2017-12169, VIGILANCE-VUL-25026
FreeIPA: Man-in-the-Middle via CA SubjectAltNames ACL
An attacker can act as a Man-in-the-Middle via CA SubjectAltNames ACL on FreeIPA, in order to read or write data in the session...
1360757, CVE-2016-5414, VIGILANCE-VUL-23094
FreeIPA: privilege escalation via CA Commands
An attacker can bypass restrictions via ca-del, ca-disable and ca-enable commands of FreeIPA, in order to escalate his privileges...
CVE-2017-2590, FEDORA-2017-98f85533f0, RHSA-2017:0388-01, VIGILANCE-VUL-22008
FreeIPA: two vulnerabilities
An attacker can use several vulnerabilities of FreeIPA...
CVE-2016-7030, CVE-2016-9575, FEDORA-2016-ca1d1e1dc1, FEDORA-2016-d337166907, RHSA-2017:0001-01, VIGILANCE-VUL-21418
jwcrypto: information disclosure
An attacker can bypass access restrictions to data of jwcrypto, in order to obtain sensitive information...
CVE-2016-6298, FEDORA-2016-7b4a60ae66, FEDORA-2016-dcf5cad792, VIGILANCE-VUL-20571
FreeIPA: denial of service via cert_revoke
An attacker, who has the "retrieve certificate" permission, can revoke certificates on FreeIPA, in order to trigger a denial of service...
1351593, CVE-2016-5404, FEDORA-2016-7898627d08, FEDORA-2016-92a3655b70, RHSA-2016:1797-01, VIGILANCE-VUL-20426
FreeIPA: private KRA key reading
A local attacker can read the private KRA key of FreeIPA, in order to obtain sensitive information...
CVE-2015-5284, VIGILANCE-VUL-18065
Our database contains other pages. You can request a free trial to read them.

Display information about FreeIPA: