Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 26 results


CVE-2024-3183

Medium priority
Needs evaluation

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-2698

Medium priority
Needs evaluation

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-1481

Medium priority
Needs evaluation

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-1271

Medium priority
Needs evaluation

[privileges escalation from root to domain admin]

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-5455

Medium priority
Needs evaluation

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user,...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-1722

Medium priority
Needs evaluation

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-14867

Medium priority
Vulnerable

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Not affected Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2019-10195

Medium priority
Vulnerable

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Not affected Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2012-5631

Unknown priority
Not affected

ipa 3.0 does not properly check server identity before sending credential containing cookies

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Not affected Not affected
Show less packages

CVE-2019-14826

Medium priority
Vulnerable

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to...

1 affected packages

freeipa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeipa Vulnerable Vulnerable Vulnerable Vulnerable Not affected
Show less packages