threatengine.sh

Product: freeipa
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Severity | Summary (truncated on the original page) |
|---|---|---|---|---|
| CVE-2024-2698 | >= 4.11.0 and < 4.11.2 | 8.8 | HIGH | A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for grant |
| CVE-2023-5455 | < 4.6.10 | 6.5 | MEDIUM | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows |
| CVE-2020-1722 | >= 4.0.0 and <= 4.8.0 | 5.3 | MEDIUM | A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the serve |
| CVE-2019-14867 | >= 4.6.0 and < 4.6.7 | 8.8 | HIGH | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in |
| CVE-2019-10195 | >= 4.6.0 and < 4.6.7 | 6.5 | MEDIUM | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in |
| CVE-2012-5631 | all versions | 8.8 | HIGH | ipa 3.0 does not properly check server identity before sending credential containing cookies |
| CVE-2019-14826 | >= 4.5.0 | 4.4 | MEDIUM | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could a |
| CVE-2017-2590 | < 4.4.0 | 8.1 | HIGH | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's pe |
| CVE-2016-9575 | all versions | 6.3 | MEDIUM | Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certif |
| CVE-2017-12169 | >= 4.2.0 | 7.5 | HIGH | It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission |
| CVE-2017-11191 | all versions | 8.8 | HIGH | FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlo |
| CVE-2015-5284 | <= 4.2.1 | 9.8 | CRITICAL | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is |
| CVE-2015-5179 | <= 4.5.0 | 7.5 | HIGH | FreeIPA might display user data improperly via vectors involving non-printable characters. |
| CVE-2016-7030 | all versions | 7.5 | HIGH | FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote att |
| CVE-2016-5414 | all versions | 7.5 | HIGH | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. |
| CVE-2016-5404 | all versions | 6.5 | MEDIUM | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users |
| CVE-2015-1827 | <= 4.1.3 | not listed | not listed | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing |
| CVE-2014-7850 | all versions | not listed | not listed | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web |
| CVE-2014-7828 | all versions | not listed | not listed | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement |
| CVE-2013-0336 | <= 3.1.5 | not listed | not listed | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA |
| CVE-2013-0199 | all versions | not listed | not listed | The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthO |
| CVE-2012-5484 | all versions | not listed | not listed | The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the serv |
| CVE-2011-3636 | <= 2.1.3 | not listed | not listed | Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hij |
| CVE-2008-3274 | <= 1.1.0 | not listed | not listed | The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the k |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin