Session Cookie Retention Flaw in FreeIPA by Red Hat
CVE-2019-14826
5.6 MEDIUM
Summary
A vulnerability in FreeIPA versions 4.5.0 and later allows session cookies to persist in the cache even after a user logs out. An attacker who obtains valid session cookies can exploit this flaw, potentially gaining unauthorized access to the user's session. Proper management of session cookies is crucial to preventing unauthorized access.
Affected Version(s)
ipa FreeIPA versions 4.5.0 and later
References
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved