gsd-2023-5455
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A cross-site request forgery (CSRF) vulnerability exists in the ipa/session/login_password endpoint in all supported versions of FreeIPA. The flaw allows an attacker to trick a user's browser into submitting a request that performs actions as that user, resulting in a loss of confidentiality and system integrity; note that the CVSS 3.1 vector recorded below (C:N/I:H/A:N) scores integrity impact only. During community penetration testing it was found that FreeIPA does not enforce CSRF protection on certain HTTP endpoints. Because of implementation details, the flaw cannot be used to reflect or replay the session cookie of a user who is already logged in: every forged request has to go through a fresh authentication attempt.
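Why a password-login endpoint needs its own CSRF defence, shown as an added example that is not FreeIPA's code: ipa/session/login_password accepts a form-encoded POST, and a form POST is a "simple" request that any third-party page can make the victim's browser send without a CORS preflight, carrying whatever credentials the attacker wrote into the hidden form. The handler below shows an unprotected login beside one that refuses requests whose Sec-Fetch-Site, Origin or Referer header does not identify the IPA server itself. The hostname ipa.example.test, the in-memory user table, the form field names user and password, the cookie name and the sample request headers are all assumptions constructed for this example.

```python
"""Added example (not FreeIPA code): a form-POST login handler with and without
an origin check.  Hostname, user table, field names and headers are assumed."""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"ipa.example.test"}                 # assumed IPA server hostname(s)
_USERS = {"alice": "correct-horse-battery-staple"}   # constructed; never store plaintext


def _host_of(value: str):
    parts = urlsplit(value)
    return parts.hostname if parts.scheme and parts.hostname else None


def request_is_same_origin(headers: dict) -> bool:
    """Provenance check for a state-changing request; a password login is one."""
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site in ("same-origin", "none"):        # "none" = typed URL or bookmark
        return True
    if site is not None:                       # "cross-site", or "same-site" (a sibling host)
        return False
    origin = h.get("origin")                   # browsers attach it to cross-site POSTs
    if origin is not None:
        return origin != "null" and _host_of(origin) in ALLOWED_HOSTS
    referer = h.get("referer")                 # fallback for clients without Origin
    if referer is not None:
        return _host_of(referer) in ALLOWED_HOSTS
    return False                               # no provenance at all: treat as cross-site


def _authenticate(body: str) -> dict:
    form = parse_qs(body, keep_blank_values=True)
    user = form.get("user", [""])[0]
    password = form.get("password", [""])[0]
    expected = _USERS.get(user, "")
    if not user or not hmac.compare_digest(password.encode(), expected.encode()):
        return {"status": 401}
    cookie = f"ipa_session={secrets.token_urlsafe(32)}; Secure; HttpOnly; SameSite=Strict"
    return {"status": 200, "set_cookie": cookie}


def login_password_unprotected(headers: dict, body: str) -> dict:
    """Before: any page that can make the browser POST a form gets a login attempt."""
    return _authenticate(body)


def login_password_protected(headers: dict, body: str) -> dict:
    """After: same handler, but cross-site requests are refused before credentials are checked."""
    if not request_is_same_origin(headers):
        return {"status": 403}
    return _authenticate(body)


# Constructed requests: a lure page on attacker.example auto-submitting the login form,
# and the IPA web UI itself posting the same form.
CROSS_SITE = {"Origin": "https://attacker.example", "Referer": "https://attacker.example/lure.html"}
SAME_SITE = {"Origin": "https://ipa.example.test", "Referer": "https://ipa.example.test/ipa/ui/"}
LOGIN_BODY = "user=alice&password=correct-horse-battery-staple"

if __name__ == "__main__":
    for name, handler in (("unprotected", login_password_unprotected),
                          ("protected", login_password_protected)):
        print(name, "cross-site ->", handler(CROSS_SITE, LOGIN_BODY)["status"],
              "same-origin ->", handler(SAME_SITE, LOGIN_BODY)["status"])
```

Rejecting a request that carries no provenance header at all is the conservative default; a non-browser client that needs the endpoint can be admitted by requiring a custom request header instead, which a cross-site form cannot set. The check has to live on the server: SameSite attributes on the session cookie do not help against this pattern because, as the description notes, the forged request does not rely on any existing session cookie.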
Aliases
CVE-2023-5455

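A practitioner checking a fleet wants to turn the rpm-typed version rows in the Red Hat affects table and the NVD version ranges in the record below into a yes/no answer. The Python below is an added example, not part of the GSD record and not Red Hat or FreeIPA tooling: it ports librpm's rpmvercmp segment rules and compares an installed EVR, as printed by rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' ipa-server, against the unaffected builds listed on this page, and applies the NVD cpeMatch ranges to an upstream version string. The RHEL 8 rows carry idm module build ids rather than rpm EVRs, so they are deliberately left out; the package name ipa-server and the sample EVRs are assumptions.

```python
"""Added example (not from the GSD record or Red Hat tooling): decide whether an
installed ipa-server build, or an upstream FreeIPA version, falls inside the
affected ranges listed on this page.  Package name and sample EVRs are assumed."""
import re

_SEP = re.compile(r"[^0-9A-Za-z~]*")   # rpm skips everything that is not alnum or '~'
_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Port of librpm's rpmvercmp: returns -1, 0 or 1 (the '^' rule is omitted)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:                      # '~' sorts before anything, even end of string
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = "0" <= a[i] <= "9"
        pat = _DIGITS if isnum else _ALPHA
        ma, mb = pat.match(a, i), pat.match(b, j)
        seg_a, i = ma.group(), ma.end()
        seg_b = mb.group() if mb else ""
        j = mb.end() if mb else j
        if not seg_b:                     # type mismatch: a numeric segment beats alpha
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits wins
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1       # whichever side has characters left wins


def parse_evr(evr: str):
    """Split 'E:V-R' as printed by rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}'."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch in ("", "(none)"):           # rpm prints (none) for an unset epoch
        epoch = "0"
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evrcmp(a: str, b: str) -> int:
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Unaffected EVRs copied from the rpm-typed rows of the affects table on this page.
# RHEL 8 rows carry idm module build ids, not rpm EVRs, and are left out on purpose.
FIXED_EVR = {
    "Red Hat Enterprise Linux 7": "0:4.6.8-5.el7_9.16",
    "Red Hat Enterprise Linux 9": "0:4.10.2-5.el9_3",
    "Red Hat Enterprise Linux 9.0 Extended Update Support": "0:4.9.8-9.el9_0",
    "Red Hat Enterprise Linux 9.2 Extended Update Support": "0:4.10.1-10.el9_2",
}

# Vulnerable upstream ranges from the NVD cpeMatch entries: (start incl., end excl.),
# plus the exact 4.11.0 entry; 4.11.1 is the release note the record references.
NVD_RANGES = [(None, "4.6.10"), ("4.7.0", "4.9.14"), ("4.10.0", "4.10.3")]
NVD_EXACT = {"4.11.0"}


def rhel_is_fixed(product: str, installed_evr: str) -> bool:
    """True when the installed ipa-server EVR is at or past the unaffected build."""
    return evrcmp(installed_evr, FIXED_EVR[product]) >= 0


def nvd_says_vulnerable(version: str) -> bool:
    for start, end in NVD_RANGES:
        if (start is None or rpmvercmp(version, start) >= 0) and rpmvercmp(version, end) < 0:
            return True
    return version in NVD_EXACT


if __name__ == "__main__":
    # Constructed sample of what `rpm -q --qf ... ipa-server` might print on a RHEL 9 host.
    sample = "(none):4.10.2-4.el9_3"
    print(sample, "fixed" if rhel_is_fixed("Red Hat Enterprise Linux 9", sample) else "AFFECTED")
```

The comparator matters because a naive string or tuple comparison gets rpm releases wrong (5.el7_9.16 must sort after 5.el7_9.9, and 1.0~rc1 before 1.0); for the RHEL 8 module streams, compare the installed idm module build against the module ids on this page rather than feeding them to an EVR comparison.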
{
   GSD: {
      alias: "CVE-2023-5455",
      id: "GSD-2023-5455",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2023-5455",
         ],
         details: "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.",
         id: "GSD-2023-5455",
         modified: "2023-12-13T01:20:50.604765Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "secalert@redhat.com",
            ID: "CVE-2023-5455",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Red Hat Enterprise Linux 7",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "0:4.6.8-5.el7_9.16",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8090020231201152514.3387e3d0",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "unaffected",
                                       },
                                    },
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.2 Advanced Update Support",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8020020231123154806.792f4060",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8020020231123154806.792f4060",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8020020231123154806.792f4060",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8040020231123154610.5b01ab7e",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8040020231123154610.5b01ab7e",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8040020231123154610.5b01ab7e",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.6 Extended Update Support",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8060020231208020207.ada582f1",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "0:1.18.2-16.el8_6",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 8.8 Extended Update Support",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "8080020231201153604.b0a6ceea",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 9",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "0:4.10.2-5.el9_3",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 9.0 Extended Update Support",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "0:4.9.8-9.el9_0",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 9.2 Extended Update Support",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                lessThan: "*",
                                                status: "unaffected",
                                                version: "0:4.10.1-10.el9_2",
                                                versionType: "rpm",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Red Hat Enterprise Linux 6",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "unknown",
                                       },
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Red Hat",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.",
               },
            ],
         },
         impact: {
            cvss: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        cweId: "CWE-352",
                        lang: "eng",
                        value: "Cross-Site Request Forgery (CSRF)",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0137",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0137",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0138",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0138",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0139",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0139",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0140",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0140",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0141",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0141",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0142",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0142",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0143",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0143",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0144",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0144",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0145",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0145",
               },
               {
                  name: "https://access.redhat.com/errata/RHSA-2024:0252",
                  refsource: "MISC",
                  url: "https://access.redhat.com/errata/RHSA-2024:0252",
               },
               {
                  name: "https://access.redhat.com/security/cve/CVE-2023-5455",
                  refsource: "MISC",
                  url: "https://access.redhat.com/security/cve/CVE-2023-5455",
               },
               {
                  name: "https://bugzilla.redhat.com/show_bug.cgi?id=2242828",
                  refsource: "MISC",
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242828",
               },
               {
                  name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/",
                  refsource: "MISC",
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/",
               },
               {
                  name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
                  refsource: "MISC",
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
               },
               {
                  name: "https://www.freeipa.org/release-notes/4-10-3.html",
                  refsource: "MISC",
                  url: "https://www.freeipa.org/release-notes/4-10-3.html",
               },
               {
                  name: "https://www.freeipa.org/release-notes/4-11-1.html",
                  refsource: "MISC",
                  url: "https://www.freeipa.org/release-notes/4-11-1.html",
               },
               {
                  name: "https://www.freeipa.org/release-notes/4-6-10.html",
                  refsource: "MISC",
                  url: "https://www.freeipa.org/release-notes/4-6-10.html",
               },
               {
                  name: "https://www.freeipa.org/release-notes/4-9-14.html",
                  refsource: "MISC",
                  url: "https://www.freeipa.org/release-notes/4-9-14.html",
               },
            ],
         },
         work_around: [
            {
               lang: "en",
               value: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            },
         ],
      },
      "nvd.nist.gov": {
         cve: {
            configurations: [
               {
                  nodes: [
                     {
                        cpeMatch: [
                           {
                              criteria: "cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*",
                              matchCriteriaId: "F01233DD-A506-4E02-B824-994F14CCC178",
                              versionEndExcluding: "4.6.10",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*",
                              matchCriteriaId: "CE2615F6-DA17-44FD-B7BF-A82F5A005CEA",
                              versionEndExcluding: "4.9.14",
                              versionStartIncluding: "4.7.0",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*",
                              matchCriteriaId: "761C5CBD-6A92-48E7-8C9B-401DD6D1B59F",
                              versionEndExcluding: "4.10.3",
                              versionStartIncluding: "4.10.0",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:freeipa:freeipa:4.11.0:-:*:*:*:*:*:*",
                              matchCriteriaId: "0A5B25F1-BFB1-47C8-8BDE-A0E817D175F3",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:freeipa:freeipa:4.11.0:beta1:*:*:*:*:*:*",
                              matchCriteriaId: "4A1F8BF2-0FF7-40FD-A4B4-F040A07BCD64",
                              vulnerable: true,
                           },
                        ],
                        negate: false,
                        operator: "OR",
                     },
                  ],
               },
               {
                  nodes: [
                     {
                        cpeMatch: [
                           {
                              criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                              matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                              matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
                              matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59",
                              vulnerable: true,
                           },
                        ],
                        negate: false,
                        operator: "OR",
                     },
                  ],
               },
               {
                  nodes: [
                     {
                        cpeMatch: [
                           {
                              criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
                              matchCriteriaId: "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*",
                              matchCriteriaId: "07670103-FC39-4797-AF5F-1604DA1E6BF5",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*",
                              matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:arm64:*",
                              matchCriteriaId: "2244278A-3AC8-437F-9F23-6FA63E7C603D",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
                              matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*",
                              matchCriteriaId: "83981111-E13A-4A88-80FD-F63D7CCAA47F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "6AAF4A69-A4CC-409E-BC05-FABAE86321B2",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "78825319-8A45-4880-B7C4-2B223029DDD3",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "566507B6-AC95-47F7-A3FB-C6F414E45F51",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "9EF5C4AC-CA69-41E3-AD93-7AC21931374A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*",
                              matchCriteriaId: "83364F5C-57F4-4D57-B54F-540CAC1D7753",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "B6C30A81-BF75-46CC-A05E-42BAF271D1C4",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "213A5029-FCF9-4EA9-AEF9-21313F6DCBD8",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*",
                              matchCriteriaId: "A49ABD84-6755-4894-AD4E-49AAD39933C2",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "71DDE212-1018-4554-9C06-4908442DE134",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server:9.0:*:*:*:*:*:arm64:*",
                              matchCriteriaId: "BC78EE94-02A0-441D-9723-385E6C43CF90",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server:9.2:*:*:*:*:*:arm64:*",
                              matchCriteriaId: "ADEB6E4F-E680-40CC-AD70-9872BDE1C66F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                              matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_ibm_z_systems:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "E0755055-E98F-4A33-B4B9-1BFCFF03EF8E",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
                              matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                              matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
                              matchCriteriaId: "7614E5D3-4643-4CAE-9578-9BB9D558211F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "BE1A81A1-63EC-431C-9CBC-8D28C15AB3E5",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "083AAC55-E87B-482A-A1F4-8F2DEB90CB23",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*",
                              matchCriteriaId: "1FD9BF0E-7ACF-4A83-B754-6E3979ED903F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                              vulnerable: true,
                           },
                        ],
                        negate: false,
                        operator: "OR",
                     },
                  ],
               },
            ],
            descriptions: [
               {
                  lang: "en",
                  value: "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.",
               },
               {
                  lang: "es",
                  value: "Existe una vulnerabilidad de Cross-site request forgery en ipa/session/login_password en todas las versiones compatibles de IPA. Este fallo permite a un atacante engañar al usuario para que envíe una solicitud que podría realizar acciones como el usuario, lo que resulta en una pérdida de confidencialidad e integridad del sistema. Durante las pruebas de penetración de la comunidad, se descubrió que para ciertos endpoints HTTP, FreeIPA no garantizan la protección CSRF. Debido a los detalles de implementación, no se puede utilizar este fallo para reflejar una cookie que represente a un usuario que ya inició sesión. Un atacante siempre tendría que realizar un nuevo intento de autenticación.",
               },
            ],
            id: "CVE-2023-5455",
            lastModified: "2024-02-20T19:05:40.227",
            metrics: {
               cvssMetricV31: [
                  {
                     cvssData: {
                        attackComplexity: "LOW",
                        attackVector: "NETWORK",
                        availabilityImpact: "NONE",
                        baseScore: 6.5,
                        baseSeverity: "MEDIUM",
                        confidentialityImpact: "NONE",
                        integrityImpact: "HIGH",
                        privilegesRequired: "NONE",
                        scope: "UNCHANGED",
                        userInteraction: "REQUIRED",
                        vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                        version: "3.1",
                     },
                     exploitabilityScore: 2.8,
                     impactScore: 3.6,
                     source: "nvd@nist.gov",
                     type: "Primary",
                  },
                  {
                     cvssData: {
                        attackComplexity: "LOW",
                        attackVector: "NETWORK",
                        availabilityImpact: "NONE",
                        baseScore: 6.5,
                        baseSeverity: "MEDIUM",
                        confidentialityImpact: "NONE",
                        integrityImpact: "HIGH",
                        privilegesRequired: "NONE",
                        scope: "UNCHANGED",
                        userInteraction: "REQUIRED",
                        vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                        version: "3.1",
                     },
                     exploitabilityScore: 2.8,
                     impactScore: 3.6,
                     source: "secalert@redhat.com",
                     type: "Secondary",
                  },
               ],
            },
            published: "2024-01-10T13:15:48.643",
            references: [
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0137",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0138",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0139",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0140",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0141",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0142",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0143",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0144",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0145",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0252",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Third Party Advisory",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2023-5455",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Issue Tracking",
                     "Third Party Advisory",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242828",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Mailing List",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Mailing List",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Release Notes",
                  ],
                  url: "https://www.freeipa.org/release-notes/4-10-3.html",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Release Notes",
                  ],
                  url: "https://www.freeipa.org/release-notes/4-11-1.html",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Release Notes",
                  ],
                  url: "https://www.freeipa.org/release-notes/4-6-10.html",
               },
               {
                  source: "secalert@redhat.com",
                  tags: [
                     "Release Notes",
                  ],
                  url: "https://www.freeipa.org/release-notes/4-9-14.html",
               },
            ],
            sourceIdentifier: "secalert@redhat.com",
            vulnStatus: "Analyzed",
            weaknesses: [
               {
                  description: [
                     {
                        lang: "en",
                        value: "CWE-352",
                     },
                  ],
                  source: "nvd@nist.gov",
                  type: "Primary",
               },
               {
                  description: [
                     {
                        lang: "en",
                        value: "CWE-352",
                     },
                  ],
                  source: "secalert@redhat.com",
                  type: "Secondary",
               },
            ],
         },
      },
   },
}

