rpm package
almalinux/ipa-selinux
pkg:rpm/almalinux/ipa-selinux
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59089 | Med | 5.9 | < 4.9.13-20.module_el8.10.0+4050+3b475c71 | 4.9.13-20.module_el8.10.0+4050+3b475c71 | Nov 12, 2025 | If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's respo | |
| CVE-2025-59088 | Hig | 8.6 | < 4.9.13-20.module_el8.10.0+4050+3b475c71 | 4.9.13-20.module_el8.10.0+4050+3b475c71 | Nov 12, 2025 | If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could | |
| CVE-2025-7493 | Cri | 9.1 | < 4.12.2-14.el9_6.5 | 4.12.2-14.el9_6.5 | Sep 30, 2025 | A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM crede | |
| CVE-2025-4404 | Cri | 9.1 | < 4.12.2-14.el9_6.1 | 4.12.2-14.el9_6.1 | Jun 17, 2025 | A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM | |
| CVE-2024-11029 | Med | 5.5 | < 4.12.2-1.el9_5.3 | 4.12.2-1.el9_5.3 | Jan 15, 2025 | A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal data | |
| CVE-2024-3183 | — | < 4.11.0-15.el9_4.alma.1 | 4.11.0-15.el9_4.alma.1 | Jun 12, 2024 | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key d | ||
| CVE-2024-2698 | — | < 4.11.0-15.el9_4.alma.1 | 4.11.0-15.el9_4.alma.1 | Jun 12, 2024 | A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If th | ||
| CVE-2024-1481 | Med | 5.3 | < 4.11.0-9.el9_4 | 4.11.0-9.el9_4 | Apr 10, 2024 | A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | |
| CVE-2023-5455 | — | < 4.10.2-5.el9_3.alma.1 | 4.10.2-5.el9_3.alma.1 | Jan 10, 2024 | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system int | ||
| CVE-2020-25719 | — | < 4.9.6-10.module_el8.5.0+2603+92118e57 | 4.9.6-10.module_el8.5.0+2603+92118e57 | Feb 18, 2022 | A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found withi | ||
| CVE-2020-17049 | — | < 4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1 | 4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1 | Nov 11, 2020 | A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tam |
- affected < 4.9.13-20.module_el8.10.0+4050+3b475c71fixed 4.9.13-20.module_el8.10.0+4050+3b475c71
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's respo
- affected < 4.9.13-20.module_el8.10.0+4050+3b475c71fixed 4.9.13-20.module_el8.10.0+4050+3b475c71
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could
- affected < 4.12.2-14.el9_6.5fixed 4.12.2-14.el9_6.5
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM crede
- affected < 4.12.2-14.el9_6.1fixed 4.12.2-14.el9_6.1
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM
- affected < 4.12.2-1.el9_5.3fixed 4.12.2-1.el9_5.3
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal data
- CVE-2024-3183Jun 12, 2024affected < 4.11.0-15.el9_4.alma.1fixed 4.11.0-15.el9_4.alma.1
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key d
- CVE-2024-2698Jun 12, 2024affected < 4.11.0-15.el9_4.alma.1fixed 4.11.0-15.el9_4.alma.1
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If th
- affected < 4.11.0-9.el9_4fixed 4.11.0-9.el9_4
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
- CVE-2023-5455Jan 10, 2024affected < 4.10.2-5.el9_3.alma.1fixed 4.10.2-5.el9_3.alma.1
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system int
- CVE-2020-25719Feb 18, 2022affected < 4.9.6-10.module_el8.5.0+2603+92118e57fixed 4.9.6-10.module_el8.5.0+2603+92118e57
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found withi
- CVE-2020-17049Nov 11, 2020affected < 4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1fixed 4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1
A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tam