CVE-2019-14826

5.6 MEDIUM

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 17 September 2019

Summary

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker who obtains previously valid session cookies could abuse this flaw to gain access to the session.

Affected Version(s)

ipa: FreeIPA versions 4.5.0 and later

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database