Latest version: v4.12.2
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2019-14867 | 54154 |
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x v… |
|
HIGH | 8.8 |
| CVE-2023-5455 | 65209 |
A Cross-site request forgery vulnerability exists in ipa/session/logi… |
|
MEDIUM | 6.5 |
| CVE-2019-10195 | 54129 |
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x v… |
|
MEDIUM | 6.5 |
| CVE-2014-7828 | 70473 |
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enable… |
|
LOW | 3.5 |
| CVE-2016-7030 | 70516 |
FreeIPA uses a default password policy that locks an account after 5 … |
|
HIGH | 7.5 |
| CVE-2015-5179 | 70469 |
FreeIPA might display user data improperly via vectors involving non-… |
|
HIGH | 7.5 |
| CVE-2016-9575 | 70518 |
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not… |
|
MEDIUM | 6.3 |
| CVE-2017-2590 | 67440 |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable… |
|
HIGH | 8.1 |
| CVE-2016-5414 | 70514 |
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN nam… |
|
HIGH | 7.5 |
| CVE-2016-5404 | 70534 |
The cert_revoke command in FreeIPA does not check for the "revoke cer… |
|
MEDIUM | 6.5 |
| CVE-2015-5284 | 70467 |
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate… |
|
CRITICAL | 9.8 |
| CVE-2017-12169 | 67439 |
It was found that FreeIPA 4.2.0 and later could disclose password has… |
|
HIGH | 7.5 |
| CVE-2015-1827 | 70762 |
The get_user_grouplist function in the extdom plug-in in FreeIPA befo… |
|
MEDIUM | 5.0 |
| CVE-2014-7850 | 70471 |
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x… |
|
MEDIUM | 4.3 |
| CVE-2020-1722 | 70581 |
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sendin… |
|
MEDIUM | 5.3 |
| CVE-2012-5631 | 67962 |
ipa 3.0 does not properly check server identity before sending creden… |
|
HIGH | 8.8 |