CVE-2016-5404
published 2016-09-07
medium 6.5 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | freeipa | < freeipa 4.3.2-5 (bookworm) | freeipa 4.3.2-5 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freeipa | freeipa | >= 0 < 4.3.2-5 | 4.3.2-5 |
| freeipa | freeipa | >= 0 < 4.3.2-5 | 4.3.2-5 |
| freeipa | freeipa | >= 0 < 4.3.2-5 | 4.3.2-5 |
| freeipa | freeipa | >= 0 < 3.3.4-0ubuntu3.1+esm1 | 3.3.4-0ubuntu3.1+esm1 |
| freeipa | freeipa | >= 0 < 4.3.1-0ubuntu1+esm1 | 4.3.1-0ubuntu1+esm1 |
| oracle | linux | — | — |
| oracle | linux | — | — |
CVSS provenance
nvd v3.0 6.5 MEDIUM CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv 6.5 MEDIUM