rpm package
almalinux/ipa-selinux-luna
pkg:rpm/almalinux/ipa-selinux-luna
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7493 | Cri | 9.1 | | < 4.12.2-14.el9_6.5 | 4.12.2-14.el9_6.5 | Sep 30, 2025 | A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM crede |
| CVE-2025-4404 | Cri | 9.1 | | < 4.12.2-14.el9_6.1 | 4.12.2-14.el9_6.1 | Jun 17, 2025 | A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM |
| CVE-2024-11029 | Med | 5.5 | | < 4.12.2-1.el9_5.3 | 4.12.2-1.el9_5.3 | Jan 15, 2025 | A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal data |