CVE-2019-10195 — Sensitive Information Exposure in FreeIPA
Severity
6.5 MEDIUM (NVD)
EPSS
0.6%
top 29.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 27
Latest update: May 24
Description
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to pro…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 5 packages
CVEListV5: red_hat/ipa, all IPA 4.6.x versions before 4.6.7, all IPA 4.7.x versions before 4.7.4, all IPA 4.8.x versions before 4.8.3 (+2)
Also affects: Fedora 30, 31