ALT-PU-2024-16844-2

Package update freeipa in branch c10f1

Version4.9.14-alt1.c10f2.1

Published2024-12-17

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.3

Уязвимость функции run() сценария сервера FreeIPA, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2024-03-04Modified: 2025-10-29

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2024-1481

MEDIUM5.3

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

Published: 2024-04-10Modified: 2026-04-15

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References