Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ipa by FreeIPA

    CVE-2016-9575 (GCVE-0-2016-9575)

    Vulnerability from nvd – Published: 2018-03-13 13:00 – Updated: 2024-09-16 22:51
    VLAI
    Summary
    Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1395311 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/95068 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2017-0001.html vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    FreeIPA ipa Affected: 4.2.x
    Affected: 4.3.x before 4.3.3
    Affected: 4.4.x before 4.4.3
    Create a notification for this product.
    Date Public
    2016-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:01.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311"
              },
              {
                "name": "95068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95068"
              },
              {
                "name": "RHSA-2017:0001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ipa",
              "vendor": "FreeIPA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2.x"
                },
                {
                  "status": "affected",
                  "version": "4.3.x before 4.3.3"
                },
                {
                  "status": "affected",
                  "version": "4.4.x before 4.4.3"
                }
              ]
            }
          ],
          "datePublic": "2016-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user\u0027s permissions while modifying certificate profiles in IdM\u0027s certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-30T20:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311"
            },
            {
              "name": "95068",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95068"
            },
            {
              "name": "RHSA-2017:0001",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2016-12-14T00:00:00",
              "ID": "CVE-2016-9575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.2.x"
                              },
                              {
                                "version_value": "4.3.x before 4.3.3"
                              },
                              {
                                "version_value": "4.4.x before 4.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "FreeIPA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user\u0027s permissions while modifying certificate profiles in IdM\u0027s certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311"
                },
                {
                  "name": "95068",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95068"
                },
                {
                  "name": "RHSA-2017:0001",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9575",
        "datePublished": "2018-03-13T13:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:51:45.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12169 (GCVE-0-2017-12169)

    Vulnerability from nvd – Published: 2018-01-10 15:00 – Updated: 2024-08-05 18:28
    VLAI
    Summary
    It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    FreeIPA ipa Affected: 4.2.0 and later
    Create a notification for this product.
    Date Public
    2017-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697"
              },
              {
                "name": "102136",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ipa",
              "vendor": "FreeIPA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2.0 and later"
                }
              ]
            }
          ],
          "datePublic": "2017-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the \u0027System: Read Stage Users\u0027 permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-16T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697"
            },
            {
              "name": "102136",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102136"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-12169",
        "datePublished": "2018-01-10T15:00:00.000Z",
        "dateReserved": "2017-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:28:16.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9575 (GCVE-0-2016-9575)

    Vulnerability from cvelistv5 – Published: 2018-03-13 13:00 – Updated: 2024-09-16 22:51
    VLAI
    Summary
    Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1395311 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/95068 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2017-0001.html vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    FreeIPA ipa Affected: 4.2.x
    Affected: 4.3.x before 4.3.3
    Affected: 4.4.x before 4.4.3
    Create a notification for this product.
    Date Public
    2016-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:01.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311"
              },
              {
                "name": "95068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95068"
              },
              {
                "name": "RHSA-2017:0001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ipa",
              "vendor": "FreeIPA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2.x"
                },
                {
                  "status": "affected",
                  "version": "4.3.x before 4.3.3"
                },
                {
                  "status": "affected",
                  "version": "4.4.x before 4.4.3"
                }
              ]
            }
          ],
          "datePublic": "2016-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user\u0027s permissions while modifying certificate profiles in IdM\u0027s certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-30T20:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311"
            },
            {
              "name": "95068",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95068"
            },
            {
              "name": "RHSA-2017:0001",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2016-12-14T00:00:00",
              "ID": "CVE-2016-9575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipa",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.2.x"
                              },
                              {
                                "version_value": "4.3.x before 4.3.3"
                              },
                              {
                                "version_value": "4.4.x before 4.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "FreeIPA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user\u0027s permissions while modifying certificate profiles in IdM\u0027s certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395311"
                },
                {
                  "name": "95068",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95068"
                },
                {
                  "name": "RHSA-2017:0001",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9575",
        "datePublished": "2018-03-13T13:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:51:45.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12169 (GCVE-0-2017-12169)

    Vulnerability from cvelistv5 – Published: 2018-01-10 15:00 – Updated: 2024-08-05 18:28
    VLAI
    Summary
    It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    FreeIPA ipa Affected: 4.2.0 and later
    Create a notification for this product.
    Date Public
    2017-09-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697"
              },
              {
                "name": "102136",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ipa",
              "vendor": "FreeIPA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2.0 and later"
                }
              ]
            }
          ],
          "datePublic": "2017-09-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the \u0027System: Read Stage Users\u0027 permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-16T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697"
            },
            {
              "name": "102136",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102136"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-12169",
        "datePublished": "2018-01-10T15:00:00.000Z",
        "dateReserved": "2017-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:28:16.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }