CRITICAL 9.1 CVE-2025-7493 A privilege escalation flaw from host to domain administrator was found in FreeIPA.
from 0
CRITICAL 9.1 CVE-2025-4404 A privilege escalation from host to domain vulnerability was found in the FreeIPA project.
from 0
HIGH 8.8 CVE-2024-2698 A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "…
from 0
HIGH 8.8 Code injection in FreeIPA
from 0, < 4.8.3-1
HIGH 8.1 A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key.
from 0
HIGH 7.5 It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission.
from 0
HIGH 7.5 FreeIPA might display user data improperly via vectors involving non-printable characters.
from 0
HIGH 7.5 FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to…
from 0, < 4.4.4-1
MEDIUM 6.5 A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
from 0
MEDIUM 6.5 The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revok…
from 0, < 4.3.2-5
MEDIUM 6.3 Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate pro…
from 0, < 4.4.4-1
MEDIUM 5.7 FreeIPA logs passwords embedded in commands in calls using batch
from 0, < 4.8.3-1
MEDIUM 5.5 A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl.
from 0
MEDIUM 5.3 freeipa - security update
from 0, < 4.7.2-3+deb10u1
MEDIUM 5.3 freeipa - security update
from 0
MEDIUM 5.3 A flaw was found in all ipa versions 4.x.x through 4.8.0.
from 0, < 4.8.8-2
MEDIUM 4.4 A flaw was found in FreeIPA versions 4.5.0 and later.
from 0
— Rejected reason: This CVE was previously published at https://bugzilla.redhat.com/show_bug.cgi?id=2262978 but later rejected for the follow…
from 0
— Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script o…
from 0, < 4.3.1-1
— FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the t…
from 0, < 4.0.5-1