Information on source package freeipa

Available versions

ReleaseVersion
buster4.7.2-3+deb10u1
bookworm4.9.11-1
sid4.12.2-1

Open issues

BugbusterbookwormsidDescription
CVE-2024-1481fixedvulnerable (no DSA, ignored)fixedA flaw was found in FreeIPA. This issue may allow a remote attacker to ...
CVE-2020-1722vulnerable (no DSA)fixedfixedA flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...
CVE-2019-14867vulnerable (no DSA)fixedfixedA flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...
CVE-2019-10195vulnerable (no DSA)fixedfixedA flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...

Open unimportant issues

BugbusterbookwormsidDescription
CVE-2024-3183vulnerablevulnerablefixedA vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ ...
CVE-2024-2698vulnerablevulnerablefixedA vulnerability was found in FreeIPA in how the initial implementation ...
CVE-2023-5455vulnerablevulnerablefixedA Cross-site request forgery vulnerability exists in ipa/session/login ...
CVE-2019-14826vulnerablevulnerablevulnerableA flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...
CVE-2017-12169vulnerablevulnerablevulnerableIt was found that FreeIPA 4.2.0 and later could disclose password hash ...
CVE-2015-5179vulnerablevulnerablevulnerableFreeIPA might display user data improperly via vectors involving non-p ...

Resolved issues

BugDescription
CVE-2017-2590A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ...
CVE-2016-9575Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ...
CVE-2016-7030FreeIPA uses a default password policy that locks an account after 5 u ...
CVE-2016-5414FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ...
CVE-2016-5404The cert_revoke command in FreeIPA does not check for the "revoke cert ...
CVE-2015-5284ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate ...
CVE-2015-1827The get_user_grouplist function in the extdom plug-in in FreeIPA befor ...
CVE-2014-7850Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...
CVE-2014-7828FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled ...

Security announcements

DSA / DLADescription
DLA-3773-1freeipa - security update

Search for package or bug name: Reporting problems