FreeIPA kinit Denial of Service Vulnerability
CVE-2024-1481

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Freeipa; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 10 April 2024

Summary

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

Affected Version(s)

freeipa 4.11.1

References

https://access.redhat.com/security/cve/CVE-2024-1481

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2262169

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Feb 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Sukhov Mikhail (Angara Security) for reporting this issue.