CVE-2017-2590 — Incorrect Permission Assignment in Freeipa

CWE-732 — Incorrect Permission Assignment CWE-2758 documents7 sources

Severity

8.1HIGHNVD

EPSS

0.2%

top 60.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeipa RED HAT IPA Redhat Enterprise Linux +5 more

Timeline

PublishedJul 27

Latest updateMay 13

Description

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages6 packages

▶NVDfreeipa/freeipa< 4.4.0

▶Ubuntufreeipa/freeipa< 4.7.0~pre1+git20180411-2ubuntu2

▶CVEListV5red_hat/ipa4.4

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Enterprise Linux 7.0, 7.3, 7.4, 7.5

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-7gp5-3wrx-x8j6: A vulnerability was found in ipa before 4↗2022-05-13

▶

OSV

CVE-2017-2590: A vulnerability was found in ipa before 4↗2018-07-27

▶

CVEList

CVE-2017-2590: A vulnerability was found in ipa before 4↗2018-07-27

▶

📋Vendor Advisories

Red Hat

ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands↗2017-02-27

▶

Debian

CVE-2017-2590: freeipa - A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-en...↗2017

▶

💬Community

Bugzilla

CVE-2017-2590 freeipa: ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands [fedora-all]↗2017-02-27

▶

Bugzilla

CVE-2017-2590 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands↗2017-01-13

▶