A cross-site request forgery (CSRF) vulnerability exists in ipa/session/login_password in all supported versions of IPA. The flaw allows an attacker to trick a user into submitting a request that performs actions as that user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that FreeIPA does not ensure CSRF protection for certain HTTP endpoints. Because of implementation details, the flaw cannot be used to reuse the cookie of an already logged-in user; an attacker would always have to go through a new authentication attempt.
The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted it.
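As an added defensive illustration (not FreeIPA's own code), the Python below shows the same-origin check a server can apply to the login endpoint named above, and runs the same check over constructed access-log lines to spot cross-site posts to that endpoint; the IPA origin, the log lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumed deployment value (constructed for this example): the IPA web UI origin.
IPA_ORIGIN = "https://ipa.example.test"
# Endpoint named in the advisory; further session endpoints can be appended.
PROTECTED_PATHS = ("/ipa/session/login_password",)


def request_origin(headers):
    """Return scheme://host[:port] the browser says the request came from.
    Prefers Origin (browsers send it on cross-site POSTs); falls back to Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/").lower()
    referer = headers.get("Referer")
    if referer:
        p = urlsplit(referer)
        if p.scheme and p.netloc:
            return f"{p.scheme}://{p.netloc}".lower()
    return None


def is_allowed(method, path, headers, expected_origin=IPA_ORIGIN):
    """Admit a request to a protected endpoint only if it is a same-origin POST.
    A missing Origin/Referer is rejected (fail closed); a cross-site form post
    from a browser carries an Origin header, so same-origin UI traffic passes."""
    if path not in PROTECTED_PATHS:
        return True
    if method.upper() != "POST":
        return False
    origin = request_origin(headers)
    return origin is not None and origin == expected_origin.lower()


# Combined-log-format fields we need: request line, status, size, referer.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')


def flag_cross_site_logins(log_lines, expected_origin=IPA_ORIGIN):
    """Return log lines for POSTs to the login endpoint whose Referer is not the
    IPA origin. Access logs normally record only Referer, not Origin, so a '-'
    (no referer) is also flagged for an analyst to triage."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m.group("path") not in PROTECTED_PATHS:
            continue
        referer = m.group("referer")
        headers = {"Referer": referer} if referer != "-" else {}
        if not is_allowed(m.group("method"), m.group("path"), headers, expected_origin):
            hits.append(line)
    return hits


# Constructed sample log lines: one same-origin login, one cross-site login post, one unrelated GET.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Dec/2023:10:00:00 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 12 "https://ipa.example.test/ipa/ui/" "Mozilla/5.0"',
    '10.0.0.6 - - [01/Dec/2023:10:01:00 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 12 "https://attacker.invalid/page.html" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Dec/2023:10:02:00 +0000] "GET /ipa/ui/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
```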
Name | Vendor | Start Version | End Version |
---|---|---|---|
Freeipa | Freeipa | * | 4.6.10 (excluding) |
Freeipa | Freeipa | 4.7.0 (including) | 4.9.14 (excluding) |
Freeipa | Freeipa | 4.10.0 (including) | 4.10.3 (excluding) |
Freeipa | Freeipa | 4.11.0 (including) | 4.11.0 (including) |
Freeipa | Freeipa | 4.11.0-beta1 (including) | 4.11.0-beta1 (including) |
Freeipa | Ubuntu | bionic | * |
Freeipa | Ubuntu | lunar | * |
Freeipa | Ubuntu | mantic | * |
Freeipa | Ubuntu | trusty | * |
Freeipa | Ubuntu | trusty/esm | * |
Freeipa | Ubuntu | xenial | * |
Red Hat Enterprise Linux 7 | RedHat | ipa-0:4.6.8-5.el7_9.16 | * |
Red Hat Enterprise Linux 8 | RedHat | idm:DL1-8090020231201152514.3387e3d0 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | idm:DL1-8020020231123154806.792f4060 | * |
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | idm:DL1-8020020231123154806.792f4060 | * |
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | idm:DL1-8020020231123154806.792f4060 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | idm:DL1-8040020231123154610.5b01ab7e | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | idm:DL1-8040020231123154610.5b01ab7e | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | idm:DL1-8040020231123154610.5b01ab7e | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | idm:DL1-8060020231208020207.ada582f1 | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | krb5-0:1.18.2-16.el8_6 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | idm:DL1-8080020231201153604.b0a6ceea | * |
Red Hat Enterprise Linux 9 | RedHat | ipa-0:4.10.2-5.el9_3 | * |
Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | ipa-0:4.9.8-9.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | ipa-0:4.10.1-10.el9_2 | * |