pkg:Debian/freeipa

20 total CVEsCRITICAL2HIGH6MEDIUM9

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.1CVE-2025-7493A privilege escalation flaw from host to domain administrator was found in FreeIPA.
    from 0
  • CRITICAL9.1CVE-2025-4404A privilege escalation from host to domain vulnerability was found in the FreeIPA project.
    from 0
  • HIGH8.8CVE-2024-2698A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "…
    from 0
  • HIGH8.8CVE-2019-14867Code injection in FreeIPA
    from 0, < 4.8.3-1
  • HIGH8.1CVE-2024-3183A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key.
    from 0
  • HIGH7.5CVE-2017-12169It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission.
    from 0
  • HIGH7.5CVE-2015-5179FreeIPA might display user data improperly via vectors involving non-printable characters.
    from 0
  • HIGH7.5CVE-2016-7030FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to…
    from 0, < 4.4.4-1
  • MEDIUM6.5CVE-2023-5455A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
    from 0
  • MEDIUM6.5CVE-2016-5404The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revok…
    from 0, < 4.3.2-5
  • MEDIUM6.3CVE-2016-9575Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate pro…
    from 0, < 4.4.4-1
  • MEDIUM5.7CVE-2019-10195FreeIPA logs passwords embedded in commands in calls using batch
    from 0, < 4.8.3-1
  • MEDIUM5.5CVE-2024-11029A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl.
    from 0
  • MEDIUM5.3CVE-2024-1481freeipa - security update
    from 0, < 4.7.2-3+deb10u1
  • MEDIUM5.3CVE-2024-1481freeipa - security update
    from 0
  • MEDIUM5.3CVE-2020-1722A flaw was found in all ipa versions 4.x.x through 4.8.0.
    from 0, < 4.8.8-2
  • MEDIUM4.4CVE-2019-14826A flaw was found in FreeIPA versions 4.5.0 and later.
    from 0
  • CVE-2024-1271Rejected reason: This CVE was previously published at https://bugzilla.redhat.com/show_bug.cgi?id=2262978 but later rejected for the follow…
    from 0
  • CVE-2014-7850Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script o…
    from 0, < 4.3.1-1
  • CVE-2014-7828FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the t…
    from 0, < 4.0.5-1