Session Cookie Retention Flaw in FreeIPA by Red Hat
CVE-2019-14826

5.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Ipa
Vendor: CVE Published:; 17 September 2019

Summary

A vulnerability in FreeIPA versions 4.5.0 and later allows for session cookies to persist in the cache even after a user logs out. This flaw can be exploited by an attacker who obtains valid session cookies, potentially granting unauthorized access to the user's session. Proper management of session cookies is crucial to prevent unauthorized access and enhance security protocols.

Affected Version(s)

ipa FreeIPA versions 4.5.0 and later

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826

x_refsource_CONFIRM

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Aug 10, 2019