CVE-2019-14826

CVSS 5.6 MEDIUMEPSS 0.3%CWE-613

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Affected products

Red Hat · ipa

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826