Lucene search

[email protected]CVE-2019-14826

HistorySep 17, 2019 - 4:15 p.m.

CVE-2019-14826

2019-09-1716:15:00

CWE-613

[email protected]

web.nvd.nist.gov

freeipa

cve-2019-14826

session cookies

unauthorized access

nvd

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

VendorProductVersionCPE
redhatenterprise_ipa*cpe:2.3:a:redhat:enterprise_ipa:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_ipa	*	cpe:2.3:a:redhat:enterprise_ipa::::::::

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

Related for CVE-2019-14826

prion1 nessus2 ubuntucve1 osv1 debiancve1 redhatcve1 cvelist1