ipa is vulnerable to cross-site request forgery (CSRF). A remote attacker who tricks a user logged into the management web interface into visiting a specially crafted URL could perform Red Hat Identity Management configuration changes with the privileges of the logged-in user.
CPE

Name | Operator | Version
---|---|---
ipa | eq | 2.0.0__23.el6_1.1
ipa | eq | 2.0.0__23.el6
ipa | eq | 2.0.0__23.el6_1.2

freeipa.org/page/IPAv2_214
access.redhat.com/errata/RHSA-2011:1533
access.redhat.com/security/cve/CVE-2011-3636
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=747710
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/ipa.html#RHBA-2011-1533