Improper Input Validation Affecting freeipa package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.05% (17th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-FREEIPA-6281045
- published 27 Feb 2024
- disclosed 20 Feb 2024
- credit Unknown
Introduced: 20 Feb 2024
CVE-2024-1481 Open this link in a new tabHow to fix?
There is no fixed version for freeipa
.
Overview
freeipa is an An integrated security information management solution.
Affected versions of this package are vulnerable to Improper Input Validation due to the handling of specially crafted HTTP requests. An attacker can craft a HTTP request with parameters that can be interpreted as command arguments to kinit
on the server, which can lead to a denial of service or unintended data exposure.
References
CVSS Scores
version 3.1