Lucene search

RedHatRHSA-2024:0139

HistoryJan 10, 2024 - 12:29 p.m.

(RHSA-2024:0139) Moderate: idm:DL1 security update

2024-01-1012:29:21

access.redhat.com

red hat identity management

security update

kerberos

csrf protection

cve-2020-17049

cve-2023-5455

authentication

authorization

enterprise

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)
ipa: Invalid CSRF protection (CVE-2023-5455)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64leopendnssec< 2.1.7-1.module+el8.4.0+9007+5084bdd8opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm
RedHatanyx86_64ipa-server-debuginfo< 4.9.8-11.module+el8.6.0+20984+095e5c46ipa-server-debuginfo-4.9.8-11.module+el8.6.0+20984+095e5c46.x86_64.rpm
RedHatanys390xipa-debuginfo< 4.9.8-11.module+el8.6.0+20984+095e5c46ipa-debuginfo-4.9.8-11.module+el8.6.0+20984+095e5c46.s390x.rpm
RedHatanynoarchpython3-custodia< 0.6.0-3.module+el8.1.0+4098+f286395epython3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm
RedHatanynoarchipa-python-compat< 4.9.8-11.module+el8.6.0+20984+095e5c46ipa-python-compat-4.9.8-11.module+el8.6.0+20984+095e5c46.noarch.rpm
RedHatanyaarch64slapi-nis-debugsource< 0.60.0-1.module+el8.6.0+16878+6c033536slapi-nis-debugsource-0.60.0-1.module+el8.6.0+16878+6c033536.aarch64.rpm
RedHatanyppc64leopendnssec-debuginfo< 2.1.7-1.module+el8.4.0+9007+5084bdd8opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm
RedHatanyaarch64ipa-server-trust-ad< 4.9.8-11.module+el8.6.0+20984+095e5c46ipa-server-trust-ad-4.9.8-11.module+el8.6.0+20984+095e5c46.aarch64.rpm
RedHatanyppc64leipa-server-trust-ad-debuginfo< 4.9.8-11.module+el8.6.0+20984+095e5c46ipa-server-trust-ad-debuginfo-4.9.8-11.module+el8.6.0+20984+095e5c46.ppc64le.rpm
RedHatanyaarch64opendnssec< 2.1.7-1.module+el8.4.0+9007+5084bdd8opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc64le	opendnssec	< 2.1.7-1.module+el8.4.0+9007+5084bdd8	opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm
RedHat	any	x86_64	ipa-server-debuginfo	< 4.9.8-11.module+el8.6.0+20984+095e5c46	ipa-server-debuginfo-4.9.8-11.module+el8.6.0+20984+095e5c46.x86_64.rpm
RedHat	any	s390x	ipa-debuginfo	< 4.9.8-11.module+el8.6.0+20984+095e5c46	ipa-debuginfo-4.9.8-11.module+el8.6.0+20984+095e5c46.s390x.rpm
RedHat	any	noarch	python3-custodia	< 0.6.0-3.module+el8.1.0+4098+f286395e	python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm
RedHat	any	noarch	ipa-python-compat	< 4.9.8-11.module+el8.6.0+20984+095e5c46	ipa-python-compat-4.9.8-11.module+el8.6.0+20984+095e5c46.noarch.rpm
RedHat	any	aarch64	slapi-nis-debugsource	< 0.60.0-1.module+el8.6.0+16878+6c033536	slapi-nis-debugsource-0.60.0-1.module+el8.6.0+16878+6c033536.aarch64.rpm
RedHat	any	ppc64le	opendnssec-debuginfo	< 2.1.7-1.module+el8.4.0+9007+5084bdd8	opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm
RedHat	any	aarch64	ipa-server-trust-ad	< 4.9.8-11.module+el8.6.0+20984+095e5c46	ipa-server-trust-ad-4.9.8-11.module+el8.6.0+20984+095e5c46.aarch64.rpm
RedHat	any	ppc64le	ipa-server-trust-ad-debuginfo	< 4.9.8-11.module+el8.6.0+20984+095e5c46	ipa-server-trust-ad-debuginfo-4.9.8-11.module+el8.6.0+20984+095e5c46.ppc64le.rpm
RedHat	any	aarch64	opendnssec	< 2.1.7-1.module+el8.4.0+9007+5084bdd8	opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm