Описание
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.4.3-3ubuntu2.1 |
| bionic | not-affected | 4.4.3-3ubuntu2.1 |
| cosmic | not-affected | 4.4.3-3ubuntu2.1 |
| devel | not-affected | 4.4.3-3ubuntu2.1 |
| disco | not-affected | 4.4.3-3ubuntu2.1 |
| eoan | not-affected | 4.4.3-3ubuntu2.1 |
| esm-apps/bionic | not-affected | 4.4.3-3ubuntu2.1 |
| esm-apps/focal | not-affected | 4.4.3-3ubuntu2.1 |
| esm-apps/jammy | not-affected | 4.4.3-3ubuntu2.1 |
| esm-apps/xenial | released | 4.3.1-0ubuntu1+esm1 |
Показывать по
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
The cert_revoke command in FreeIPA does not check for the "revoke cert ...
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3