ipa: Invalid CSRF protection
A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
PT-2024-2549 · Freeipa +8 · Freeipa +8
Name of the Vulnerable Software and Affected Versions: FreeIPA, all supported versions
Description: A Cross-site request forgery vulnerability exists in the "ipa/session/login password" endpoint, allowing an attacker to trick the user into submitting a request that could perform actions a...