| Release | Version |
|---|---|
| buster | 4.7.2-3 |
| buster (security) | 4.7.2-3+deb10u1 |
| bookworm | 4.9.11-1 |
| sid | 4.11.1-2 |
| Bug | buster | bookworm | sid | Description |
|---|---|---|---|---|
| CVE-2024-1481 | fixed | vulnerable | vulnerable | A flaw was found in FreeIPA. This issue may allow a remote attacker to ... |
| CVE-2020-1722 | vulnerable (no DSA) | fixed | fixed | A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ... |
| CVE-2019-14867 | vulnerable (no DSA) | fixed | fixed | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ... |
| CVE-2019-10195 | vulnerable (no DSA) | fixed | fixed | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ... |
| Bug | buster | bookworm | sid | Description |
|---|---|---|---|---|
| CVE-2024-1271 | vulnerable | vulnerable | vulnerable | privileges escalation from root to domain admin |
| CVE-2023-5455 | vulnerable | vulnerable | vulnerable | A Cross-site request forgery vulnerability exists in ipa/session/login ... |
| CVE-2019-14826 | vulnerable | vulnerable | vulnerable | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ... |
| CVE-2017-12169 | vulnerable | vulnerable | vulnerable | It was found that FreeIPA 4.2.0 and later could disclose password hash ... |
| CVE-2015-5179 | vulnerable | vulnerable | vulnerable | FreeIPA might display user data improperly via vectors involving non-p ... |
| Bug | Description |
|---|---|
| CVE-2017-2590 | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ... |
| CVE-2016-9575 | Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ... |
| CVE-2016-7030 | FreeIPA uses a default password policy that locks an account after 5 u ... |
| CVE-2016-5414 | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ... |
| CVE-2016-5404 | The cert_revoke command in FreeIPA does not check for the "revoke cert ... |
| CVE-2015-5284 | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate ... |
| CVE-2015-1827 | The get_user_grouplist function in the extdom plug-in in FreeIPA befor ... |
| CVE-2014-7850 | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ... |
| CVE-2014-7828 | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled ... |
| DSA / DLA | Description |
|---|---|
| DLA-3773-1 | freeipa - security update |