CVE-2019-14826: Insufficient Session Expiration in FreeIPA

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.1% (top 70.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 17; Latest update May 24

Description

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker who obtains previously valid session cookies could abuse this flaw to gain access to the session.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: red_hat/ipa, FreeIPA versions 4.5.0 and later

Also affects: Enterprise Linux 7.0, 8.0

🔴 Vulnerability Details (3)

GHSA: GHSA-hwmm-p4j4-8398: A flaw was found in FreeIPA versions 4 (2022-05-24)
CVEList: CVE-2019-14826: A flaw was found in FreeIPA versions 4 (2019-09-17)
OSV: CVE-2019-14826: A flaw was found in FreeIPA versions 4 (2019-09-17)

📋 Vendor Advisories (2)

Red Hat: ipa: Session not terminated after logout (2019-09-17)
Debian: CVE-2019-14826: freeipa - A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retai... (2019)

💬 Community (2)

Bugzilla: CVE-2019-14826 freeipa: ipa: Session not terminated after logout [fedora-all] (2019-09-17)
Bugzilla: CVE-2019-14826 ipa: Session not terminated after logout (2019-08-29)