| Release | Version |
|---|---|
| bookworm | 4.9.11-1 |
| sid | 4.12.2-1 |
| Bug | bookworm | sid | Description |
|---|---|---|---|
| CVE-2024-11029 | vulnerable (no DSA) | vulnerable | A flaw was found in the FreeIPA API audit, where it sends the whole Fr ... |
| CVE-2024-1481 | vulnerable (no DSA, ignored) | fixed | A flaw was found in FreeIPA. This issue may allow a remote attacker to ... |
| Bug | bookworm | sid | Description |
|---|---|---|---|
| CVE-2024-3183 | vulnerable | fixed | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ ... |
| CVE-2024-2698 | vulnerable | fixed | A vulnerability was found in FreeIPA in how the initial implementation ... |
| CVE-2023-5455 | vulnerable | fixed | A Cross-site request forgery vulnerability exists in ipa/session/login ... |
| CVE-2019-14826 | vulnerable | vulnerable | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ... |
| CVE-2017-12169 | vulnerable | vulnerable | It was found that FreeIPA 4.2.0 and later could disclose password hash ... |
| CVE-2015-5179 | vulnerable | vulnerable | FreeIPA might display user data improperly via vectors involving non-p ... |
| Bug | Description |
|---|---|
| CVE-2020-1722 | A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ... |
| CVE-2019-14867 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ... |
| CVE-2019-10195 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ... |
| CVE-2017-2590 | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ... |
| CVE-2016-9575 | Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ... |
| CVE-2016-7030 | FreeIPA uses a default password policy that locks an account after 5 u ... |
| CVE-2016-5414 | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ... |
| CVE-2016-5404 | The cert_revoke command in FreeIPA does not check for the "revoke cert ... |
| CVE-2015-5284 | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate ... |
| CVE-2015-1827 | The get_user_grouplist function in the extdom plug-in in FreeIPA befor ... |
| CVE-2014-7850 | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ... |
| CVE-2014-7828 | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled ... |
| DSA / DLA | Description |
|---|---|
| DLA-3773-1 | freeipa - security update |