OracleLinuxELSA-2024-0145ipa security update
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
7.1 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.1%
[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
[4.6.8-5.el7_9.16] - Resolves: RHEL-12570 ipa: Invalid CSRF protection
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | ipa | < 4.6.8-5.0.1.el7_9.16 | ipa-4.6.8-5.0.1.el7_9.16.src.rpm |
| oracle linux | 7 | src | ipa | < 4.6.8-5.0.1.el7_9.16 | ipa-4.6.8-5.0.1.el7_9.16.src.rpm |
| oracle linux | 7 | src | ipa | < 4.6.8-5.0.1.el7_9.16 | ipa-4.6.8-5.0.1.el7_9.16.src.rpm |
| oracle linux | 7 | aarch64 | ipa-client | < 4.6.8-5.0.1.el7_9.16 | ipa-client-4.6.8-5.0.1.el7_9.16.aarch64.rpm |
| oracle linux | 7 | aarch64 | ipa-client | < 4.6.8-5.0.1.el7_9.16 | ipa-client-4.6.8-5.0.1.el7_9.16.aarch64.rpm |
| oracle linux | 7 | noarch | ipa-client-common | < 4.6.8-5.0.1.el7_9.16 | ipa-client-common-4.6.8-5.0.1.el7_9.16.noarch.rpm |
| oracle linux | 7 | noarch | ipa-client-common | < 4.6.8-5.0.1.el7_9.16 | ipa-client-common-4.6.8-5.0.1.el7_9.16.noarch.rpm |
| oracle linux | 7 | noarch | ipa-common | < 4.6.8-5.0.1.el7_9.16 | ipa-common-4.6.8-5.0.1.el7_9.16.noarch.rpm |
| oracle linux | 7 | noarch | ipa-common | < 4.6.8-5.0.1.el7_9.16 | ipa-common-4.6.8-5.0.1.el7_9.16.noarch.rpm |
| oracle linux | 7 | noarch | ipa-python-compat | < 4.6.8-5.0.1.el7_9.16 | ipa-python-compat-4.6.8-5.0.1.el7_9.16.noarch.rpm |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
7.1 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.1%