CVE-2019-14826
4.4
MEDIUM
CVSS 3.1
EPSS 0.11%
Description
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker who obtains previously valid session cookies could abuse this flaw to gain access to the session.
How to fix CVE-2019-14826
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/freeipa: no fix listed
Is CVE-2019-14826 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |