CVE-2020-1722

Опубликовано: 27 апр. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5.4

CVSS3: 5.3

Описание

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	needs-triage
focal	ignored	end of standard support, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 58%

0.00368

Низкий

5.4 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-1722

CVSS3: 5.3

redhat

около 5 лет назад

CVE-2020-1722

CVSS3: 5.3

nvd

около 5 лет назад

CVE-2020-1722

CVSS3: 5.3

debian

около 5 лет назад

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...

GHSA-mvj3-pw74-8w47

CVSS3: 5.3

github

около 3 лет назад

RLSA-2020:4670

rocky

больше 4 лет назад

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

EPSS

Процентиль: 58%

0.00368

Низкий

5.4 Medium

CVSS2

5.3 Medium

CVSS3

CVE-2020-1722

Описание

Пакет freeipa

Ссылки на источники

Связанные уязвимости