VYPR

Freeipa

by Red Hat

CVEs (8)

  • CVE-2025-4404  Critical  Jun 17, 2025
    risk 0.59  cvss 9.1  epss 0.02

    A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM…

  • CVE-2024-1481  Medium  Apr 10, 2024
    risk 0.34  cvss 5.3  epss 0.01

    A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

  • CVE-2023-5455  Jan 10, 2024
    risk 0.00  cvss n/a  epss 0.01

    A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system…

  • CVE-2013-0336  Nov 3, 2014
    risk 0.00  cvss n/a  epss 0.03

    The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389…

  • CVE-2013-0199  May 29, 2014
    risk 0.00  cvss n/a  epss 0.02

    The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

  • CVE-2012-5484  Jan 27, 2013
    risk 0.00  cvss n/a  epss 0.01

    The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

  • CVE-2011-3636  Dec 8, 2011
    risk 0.00  cvss n/a  epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

  • CVE-2008-3274  Sep 12, 2008
    risk 0.00  cvss n/a  epss 0.02

    The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.