Jcholast

**Name of the Vulnerable Software and Affected Versions** FreeIPA versions prior to 4.2.2 **Description** The issue concerns the installation of ipa-kra-install in FreeIPA, where the CA agent certificate and private key are stored in a world-readable file, /etc/httpd/alias/kra-agent.pem. **Recommendations** For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /etc/httpd/alias/kra-agent.pem file to minimize the risk of exploitation.