freeipa

PyPI3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting freeipapage 1 of 1

CVE-2012-5484NONECVSS 0.0EG 0.0✓ Fixed in a40285c5a0288669b72f9d991508d4405885bffc
2013-01-27
vulnerable: 4.10.2 ... 4.13.1 (28 versions)
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
CVE-2019-10195MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.8.3
2019-11-27
vulnerable: 4.6.1 ... 4.8.2 (11 versions)
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear …
CVE-2019-14867HIGHCVSS 8.8EG 8.8✓ Fixed in 4.8.3
2019-11-27
vulnerable: 4.8.0, 4.8.1, 4.8.2
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerbero…

Check whether freeipa is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for freeipa CVEs against the assets you own.

Start Free Scan →