CVE-2019-14826
Publication date 17 September 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Status
Package | Ubuntu Release | Status |
---|---|---|
freeipa | 24.10 oracular |
Vulnerable
|
24.04 LTS noble |
Vulnerable
|
|
22.04 LTS jammy |
Vulnerable
|
|
20.04 LTS focal |
Vulnerable
|
|
18.04 LTS bionic |
Vulnerable
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
Notes
msalvatore
Introduced in commit https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.4 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |