CVE-2017-11191

Опубликовано: 28 сент. 2017

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 6.5

CVSS3: 8.8

Описание

FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needs-triage
cosmic	ignored	end of life
devel	not-affected	disputed
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	not-affected	disputed
esm-apps/focal	not-affected	disputed
esm-apps/jammy	not-affected	disputed
esm-apps/noble	not-affected	disputed

Показывать по

Ссылки на источники

EPSS

Процентиль: 22%

0.00072

Низкий

6.5 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2017-11191

CVSS3: 3.1

redhat

больше 8 лет назад

CVE-2017-11191

CVSS3: 8.8

nvd

больше 8 лет назад

CVE-2017-11191

CVSS3: 8.8

debian

больше 8 лет назад

FreeIPA 4.x with API version 2.213 allows a remote authenticated users ...

GHSA-h7qv-cfwh-6fxm

CVSS3: 8.8

github

больше 3 лет назад

** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.

EPSS

Процентиль: 22%

0.00072

Низкий

6.5 Medium

CVSS2

8.8 High

CVSS3

CVE-2017-11191

Описание

Пакет freeipa

Ссылки на источники

Связанные уязвимости