CVE-2023-5455
Vulnerability Summary
Description
A cross-site request forgery (CSRF) vulnerability exists in the ipa/session/login_password endpoint in all supported versions of IPA. The flaw allows an attacker to trick a user into submitting a request that performs actions as that user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that FreeIPA does not enforce CSRF protection on certain HTTP endpoints. Because of how the endpoint is implemented, the flaw cannot be used to reflect or replay the session cookie of an already logged-in user: the attacker always has to drive the victim's browser through a new authentication attempt, so this is a login CSRF against the password-login endpoint rather than a hijack of an existing session.
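As an added example (not FreeIPA's code), the pattern described above in miniature: a password-login handler that accepts a POST from any page, beside a hardened variant that checks the browser-supplied Origin or Referer against the server's own hostname and fails closed when neither is present. The endpoint path is taken from the advisory text; the hostname, the credential store and the exact header handling are assumptions for illustration.

```python
"""Login CSRF on a password-login endpoint: vulnerable handler beside a
hardened one.  Added example, not FreeIPA code; the endpoint path comes from
the advisory text, the hostname, credential store and Origin/Referer handling
are assumptions for illustration."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

IPA_HOST = "ipa.example.test"               # constructed hostname
LOGIN_PATH = "/ipa/session/login_password"  # endpoint named in the advisory


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

    def header(self, name):
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def https_host(url):
    """Hostname of an https URL, or None.  Parsing the URL (rather than a
    prefix match) defeats 'https://ipa.example.test.attacker.example' and
    'https://attacker.example/https://ipa.example.test'."""
    parts = urlsplit(url)
    return parts.hostname if parts.scheme == "https" else None


def is_same_site(req, expected_host=IPA_HOST):
    """Browser-set Origin is authoritative; Referer is the fallback.
    'Origin: null' (sandboxed or privacy-stripped) and a request carrying
    neither header are rejected: fail closed."""
    origin = req.header("Origin")
    if origin is not None:
        return https_host(origin) == expected_host
    referer = req.header("Referer")
    if referer is not None:
        return https_host(referer) == expected_host
    return False


def vulnerable_login(req, creds):
    """Pre-fix behaviour: any POST with valid credentials gets a fresh
    session cookie, regardless of which page submitted the form."""
    if req.method != "POST" or req.path != LOGIN_PATH:
        return 404, None
    user = req.form.get("user")
    if user is not None and creds.get(user) == req.form.get("password"):
        return 200, f"ipa_session=<new session for {user}>"
    return 401, None


def hardened_login(req, creds):
    """Same login, but the submitting page must be this server."""
    if req.method == "POST" and req.path == LOGIN_PATH and not is_same_site(req):
        return 403, None
    return vulnerable_login(req, creds)


# Constructed sample traffic.  Browsers add Origin/Referer themselves, so an
# attacker's auto-submitting form cannot forge them.
CREDS = {"admin": "Secret123"}
FORM = {"user": "admin", "password": "Secret123"}
LEGIT = Request("POST", LOGIN_PATH,
                {"Origin": f"https://{IPA_HOST}",
                 "Referer": f"https://{IPA_HOST}/ipa/ui/"}, FORM)
CROSS_SITE = Request("POST", LOGIN_PATH,
                     {"Origin": "https://attacker.example",
                      "Referer": "https://attacker.example/lure.html"}, FORM)
NO_HEADERS = Request("POST", LOGIN_PATH, {}, FORM)


def compare():
    """Status codes each handler returns for the three constructed requests."""
    cases = {"legit": LEGIT, "cross_site": CROSS_SITE, "no_headers": NO_HEADERS}
    return {
        "vulnerable": {n: vulnerable_login(r, CREDS)[0] for n, r in cases.items()},
        "hardened": {n: hardened_login(r, CREDS)[0] for n, r in cases.items()},
    }


if __name__ == "__main__":
    for handler, results in compare().items():
        print(handler, results)
```

Two points the example makes that the advisory text only implies. First, SameSite cookie attributes do not help here: a login CSRF does not ride on an existing cookie, it creates a new session, so the check has to be on the request's provenance (Origin/Referer, or a token bound to the login page). Second, the hostname is taken from a parsed URL, not a string prefix, and a request with neither header is refused rather than trusted; the cost of that fail-closed choice is that clients behind a strict referrer policy that also omit Origin cannot log in, which is the trade-off to decide on deliberately.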
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5•Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Trends
Current EPSS score: 0.30%• Percentile: 54%
Techniques & Countermeasures
- CWE-352•Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Affected Systems
- fedoraproject•fedora
38 | 39 | 40
- freeipa•freeipa
< 4.6.10 | ≥ 4.7.0, < 4.9.14 | ≥ 4.10.0, < 4.10.3 | 4.11.0 | 4.11.0:beta1
- redhat•codeready_linux_builder
na
- redhat•enterprise_linux
7.0 | 8.0 | 8.4 | 9.0
- redhat•enterprise_linux_desktop
7.0
- redhat•enterprise_linux_eus
8.6 | 8.8 | 9.0 | 9.2
- redhat•enterprise_linux_for_arm_64_eus
8.8 | 9.0 | 9.2
- redhat•enterprise_linux_for_ibm_z_systems
7.0 | 8.0 | 9.0
- redhat•enterprise_linux_for_ibm_z_systems_eus
8.6 | 8.8 | 9.0 | 9.2
- redhat•enterprise_linux_for_power_big_endian
7.0
- redhat•enterprise_linux_for_power_little_endian
7.0 | 8.0 | 9.0
- redhat•enterprise_linux_for_power_little_endian_eus
8.6 | 8.8 | 9.0 | 9.2
- redhat•enterprise_linux_for_scientific_computing
7.0
- redhat•enterprise_linux_server
9.0 | 9.2
- redhat•enterprise_linux_server_aus
8.2 | 8.4 | 8.6 | 9.2
- redhat•enterprise_linux_server_for_ibm_z_systems
9.2
- redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.2 | 8.4 | 8.6
- redhat•enterprise_linux_server_tus
8.2 | 8.4 | 8.6
- redhat•enterprise_linux_server_update_services_for_sap_solutions
8.2 | 8.6 | 9.0 | 9.2
- redhat•enterprise_linux_update_services_for_sap_solutions
9.0 | 9.2
- redhat•enterprise_linux_workstation
7.0
References (18)
- https://access.redhat.com/errata/RHSA-2024:0137
- https://access.redhat.com/errata/RHSA-2024:0138
- https://access.redhat.com/errata/RHSA-2024:0139
- https://access.redhat.com/errata/RHSA-2024:0140
- https://access.redhat.com/errata/RHSA-2024:0141
- https://access.redhat.com/errata/RHSA-2024:0142
- https://access.redhat.com/errata/RHSA-2024:0143
- https://access.redhat.com/errata/RHSA-2024:0144
- https://access.redhat.com/errata/RHSA-2024:0145
- https://access.redhat.com/errata/RHSA-2024:0252
- https://access.redhat.com/security/cve/CVE-2023-5455
- https://bugzilla.redhat.com/show_bug.cgi?id=2242828
- https://www.freeipa.org/release-notes/4-10-3.html
- https://www.freeipa.org/release-notes/4-11-1.html
- https://www.freeipa.org/release-notes/4-6-10.html
- https://www.freeipa.org/release-notes/4-9-14.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/