(RHSA-2024:3754) Important: ipa security update

2024-06-1013:34:38

access.redhat.com

red hat identity management

authentication

delegation rules

impersonation

password hash

cve page.

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

Low

EPSS

Percentile

16.4%

JSON

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698)
freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force (CVE-2024-3183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9s390xipa-server-trust-ad< 4.11.0-15.el9_4ipa-server-trust-ad-4.11.0-15.el9_4.s390x.rpm
RedHat9aarch64ipa-client-debuginfo< 4.11.0-15.el9_4ipa-client-debuginfo-4.11.0-15.el9_4.aarch64.rpm
RedHat9ppc64leipa-client-epn< 4.11.0-15.el9_4ipa-client-epn-4.11.0-15.el9_4.ppc64le.rpm
RedHat9noarchpython3-ipaserver< 4.11.0-15.el9_4python3-ipaserver-4.11.0-15.el9_4.noarch.rpm
RedHat9x86_64ipa-server-trust-ad-debuginfo< 4.11.0-15.el9_4ipa-server-trust-ad-debuginfo-4.11.0-15.el9_4.x86_64.rpm
RedHat9aarch64ipa-client< 4.11.0-15.el9_4ipa-client-4.11.0-15.el9_4.aarch64.rpm
RedHat9s390xipa-server-trust-ad-debuginfo< 4.11.0-15.el9_4ipa-server-trust-ad-debuginfo-4.11.0-15.el9_4.s390x.rpm
RedHat9ppc64leipa-client< 4.11.0-15.el9_4ipa-client-4.11.0-15.el9_4.ppc64le.rpm
RedHat9noarchpython3-ipaclient< 4.11.0-15.el9_4python3-ipaclient-4.11.0-15.el9_4.noarch.rpm
RedHat9ppc64leipa-client-debuginfo< 4.11.0-15.el9_4ipa-client-debuginfo-4.11.0-15.el9_4.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	s390x	ipa-server-trust-ad	< 4.11.0-15.el9_4	ipa-server-trust-ad-4.11.0-15.el9_4.s390x.rpm
RedHat	9	aarch64	ipa-client-debuginfo	< 4.11.0-15.el9_4	ipa-client-debuginfo-4.11.0-15.el9_4.aarch64.rpm
RedHat	9	ppc64le	ipa-client-epn	< 4.11.0-15.el9_4	ipa-client-epn-4.11.0-15.el9_4.ppc64le.rpm
RedHat	9	noarch	python3-ipaserver	< 4.11.0-15.el9_4	python3-ipaserver-4.11.0-15.el9_4.noarch.rpm
RedHat	9	x86_64	ipa-server-trust-ad-debuginfo	< 4.11.0-15.el9_4	ipa-server-trust-ad-debuginfo-4.11.0-15.el9_4.x86_64.rpm
RedHat	9	aarch64	ipa-client	< 4.11.0-15.el9_4	ipa-client-4.11.0-15.el9_4.aarch64.rpm
RedHat	9	s390x	ipa-server-trust-ad-debuginfo	< 4.11.0-15.el9_4	ipa-server-trust-ad-debuginfo-4.11.0-15.el9_4.s390x.rpm
RedHat	9	ppc64le	ipa-client	< 4.11.0-15.el9_4	ipa-client-4.11.0-15.el9_4.ppc64le.rpm
RedHat	9	noarch	python3-ipaclient	< 4.11.0-15.el9_4	python3-ipaclient-4.11.0-15.el9_4.noarch.rpm
RedHat	9	ppc64le	ipa-client-debuginfo	< 4.11.0-15.el9_4	ipa-client-debuginfo-4.11.0-15.el9_4.ppc64le.rpm