Session Cookie Retention Flaw in FreeIPA by Red Hat
CVE-2019-14826

5.6 MEDIUM

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 17 September 2019

Summary

A vulnerability in FreeIPA versions 4.5.0 and later leaves session cookies in the cache even after a user logs out. An attacker who obtains these still-valid session cookies can exploit the flaw, potentially gaining unauthorized access to the user's session. Proper management of session cookies is needed to prevent this kind of unauthorized access.

Affected Version(s)

ipa FreeIPA versions 4.5.0 and later

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
