Description
A flaw was found in FreeIPA. A remote attacker may be able to craft an HTTP request whose parameters are interpreted as command-line arguments to kinit on the FreeIPA server, which can lead to a denial of service.
Statement
This vulnerability is rated moderate severity because its impact is limited to denial of service (DoS). An attacker can influence the arguments passed to the kinit command and thereby disrupt authentication and interrupt service, but cannot gain unauthorized access to sensitive resources or compromise the integrity of the system. kinit runs as the 'ipaapi' user, whose restricted access rights prevent the injected arguments from being used to authenticate as, or obtain credentials for, other accounts via keytab files or cached credentials. The flaw also does not allow extraction of sensitive information or execution of arbitrary commands outside the context of the kinit invocation.
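The mechanism behind this class of flaw, as an added illustration that is not FreeIPA's code and not its actual patch: a request parameter copied into kinit's argv is still scanned by kinit's getopt-style option parser, so a value beginning with '-' is consumed as an option (or breaks parsing) instead of being treated as the principal. The block below models that with Python's getopt module, which follows the same POSIX rules, and places a hardened argv builder beside the vulnerable one. Only the 'user' form field name follows FreeIPA's password-based login; the realm, credential cache path, option subset, validation grammar and sample requests are assumptions made for the demo, and nothing here executes kinit.

```python
"""Argument injection into a kinit argv: vulnerable builder vs. hardened builder.

Added illustration of the bug class; not FreeIPA's code or its fix. All paths,
the realm, the option subset and the sample requests are assumed for the demo.
"""
import getopt
import re

REALM = "EXAMPLE.TEST"                # assumed Kerberos realm
CCACHE = "/run/ipa/ccaches/demo"      # assumed credential cache path

# Subset of MIT kinit's short options (with ':' marking options that take a value),
# enough to show how a getopt parser treats an attacker-controlled positional.
KINIT_SHORT_OPTS = "c:kt:l:r:RfFpPaAvV"

# Conservative grammar for a bare user name (realm is appended by the builder).
# Assumed for the demo; a real deployment would validate against its own policy.
USER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def kinit_argv_unsafe(user: str) -> list:
    """Vulnerable pattern: the request value lands in argv where the option
    parser still scans it, so '-l', '-R', ... are read as options."""
    return ["kinit", "-c", CCACHE, f"{user}@{REALM}"]


def kinit_argv_safe(user: str) -> list:
    """Hardened pattern: reject anything that is not a plain user name, and end
    option parsing with '--' (POSIX getopt convention) so the principal can never
    be interpreted as an option even if validation is later loosened."""
    if not USER_RE.fullmatch(user):
        raise ValueError(f"rejected user name: {user!r}")
    return ["kinit", "-c", CCACHE, "--", f"{user}@{REALM}"]


def parse_like_kinit(argv: list):
    """Apply POSIX getopt rules to argv[1:], as kinit's option parser would.
    Returns (options, positionals), or (None, error message) on a parse error."""
    try:
        opts, rest = getopt.getopt(argv[1:], KINIT_SHORT_OPTS)
    except getopt.GetoptError as exc:
        return None, str(exc)
    return dict(opts), rest


def option_like_params(form: dict) -> list:
    """Detection helper for request logs/WAF rules: names of parameters whose
    values would be consumed as options by a getopt-style parser."""
    return sorted(k for k, v in form.items()
                  if isinstance(v, str) and v.startswith("-"))


# Constructed sample login forms (not captured traffic).
BENIGN_FORM = {"user": "alice", "password": "correct horse"}
INJECTED_FORM = {"user": "-l", "password": "anything"}


if __name__ == "__main__":
    for form in (BENIGN_FORM, INJECTED_FORM):
        user = form["user"]
        print("user value      :", repr(user))
        print("  unsafe argv   :", parse_like_kinit(kinit_argv_unsafe(user)))
        try:
            print("  hardened argv :", parse_like_kinit(kinit_argv_safe(user)))
        except ValueError as err:
            print("  hardened argv : rejected,", err)
        print("  flagged params:", option_like_params(form))
```

With the injected form, the unsafe argv parses to `{'-c': CCACHE, '-l': '@EXAMPLE.TEST'}` and no positional principal at all: the ticket lifetime option has swallowed the string meant to be the principal, which is exactly how a login request can be turned into a failing kinit invocation rather than an authentication. The hardened builder refuses the value before any process is spawned; `--` is the second, defense-in-depth layer.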
Mitigation
Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.
Affected packages
Platform | Package | Status | Advisory | Release date
---|---|---|---|---
Red Hat Enterprise Linux 7 | ipa | Out of support scope | |
Red Hat Enterprise Linux 8 | idm | Fixed | RHSA-2024:3044 | 2024-05-22
Red Hat Enterprise Linux 9 | ipa | Fixed | RHSA-2024:2147 | 2024-04-30
Additional information
Status:
EPSS:
CVSS3: 5.3 Medium
Related vulnerabilities
A flaw was found in FreeIPA. A remote attacker may be able to craft an HTTP request whose parameters are interpreted as command-line arguments to kinit on the FreeIPA server, which can lead to a denial of service.