PT-2024-1902 · Freeipa+8

Robb Gatica · Published 2024-02-13 · Updated 2024-12-30 · CVE-2024-1481

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: FreeIPA (affected versions not specified)

Description: The issue is related to insufficient input validation in the run() function of the ipautil.py script on the FreeIPA server, specifically in its handling of the user parameter (/sip/session/login password). This may allow a remote attacker to craft HTTP requests whose parameters are interpreted as command arguments to kinit on the FreeIPA server, potentially leading to unauthorized access to protected information or a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
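The description names the general weakness: a value taken from an HTTP parameter is placed into the argument list of an external command (kinit), so a value shaped like an option is parsed as one. The following is an added, generic illustration of the defensive check for that class, written for this page; it is not FreeIPA's ipautil.py, not its run() function and not the project's fix. The allowlist pattern, the length limit, the helper names (principal_rejection_reason, is_safe_principal, build_kinit_argv) and the argv layout with "-c" are all assumptions chosen for the example.

```python
import re
import subprocess
from typing import List, Optional

# Assumed allowlist for a Kerberos principal as accepted here (an assumption
# for this example, not FreeIPA's own rule): '/'-separated components, each
# starting with a letter, digit, '.' or '_' (never '-'), plus optional @REALM.
_COMPONENT = r"[A-Za-z0-9._][A-Za-z0-9._-]*"
_PRINCIPAL_RE = re.compile(rf"{_COMPONENT}(?:/{_COMPONENT})*(?:@[A-Za-z0-9.-]+)?")
_MAX_LEN = 255  # constructed limit for this example


def principal_rejection_reason(user: object) -> Optional[str]:
    """Return None if `user` may be handed to kinit as a principal, else the reason it may not."""
    if not isinstance(user, str) or not user:
        return "empty principal"
    if len(user) > _MAX_LEN:
        return "principal too long"
    # The core of the weakness in the description: a value beginning with '-'
    # is consumed by kinit's option parser instead of being treated as a name.
    if user[0] == "-":
        return "leading '-' would be parsed by kinit as an option"
    if any(ord(c) < 0x20 or c == "\x7f" for c in user):
        return "control character in principal"
    if not _PRINCIPAL_RE.fullmatch(user):
        return "character outside the principal allowlist"
    return None


def is_safe_principal(user: object) -> bool:
    """Boolean view of principal_rejection_reason(), convenient for filtering."""
    return principal_rejection_reason(user) is None


def build_kinit_argv(user: str, ccache: str) -> List[str]:
    """Build the argument list for kinit, refusing any principal that fails validation.

    The list form (no shell) removes shell metacharacter problems, but on its own
    it does not stop an option-shaped principal from being parsed as an option;
    that is what the validation above is for.
    """
    reason = principal_rejection_reason(user)
    if reason is not None:
        raise ValueError(f"refusing to run kinit: {reason}")
    return ["kinit", "-c", ccache, user]


def run_kinit(user: str, ccache: str, password: str) -> int:
    """Run kinit with the validated argv, feeding the password on stdin (never in argv)."""
    argv = build_kinit_argv(user, ccache)
    proc = subprocess.run(argv, input=password.encode(), capture_output=True, check=False)
    return proc.returncode


if __name__ == "__main__":
    # Constructed sample inputs: two well-formed principals and three that
    # must be refused before any process is started.
    for sample in ["alice", "host/ipa.example.test@EXAMPLE.TEST", "", "-not-a-user", "alice\n"]:
        print(repr(sample), "->", principal_rejection_reason(sample) or "ok")
```

Validation happens before the process is built, so a rejected value never reaches kinit's option parser; the password goes over stdin rather than the command line so it is not visible in the process list.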

DoS

Improper Resource Release

RCE

Weakness Enumeration

Related Identifiers

ALSA-2024:2147
ALT-PU-2024-11569
ALT-PU-2024-16844
ALT-PU-2024-17541
BDU:2024-01678
CESA-2024_3044
CVE-2024-1481
DLA-3773-1
INFSA-2024_2147
INFSA-2024_3044
RHSA-2024:2147
RHSA-2024:3044
RHSA-2024_2147
RHSA-2024_3044
RLSA-2024:3044

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Freeipa
Red Hat
Red Os
Rocky Linux