CVE-2017-11191

Published Sep 28, 2017

Last updated 3 months ago

CVSS high 8.8

Overview

Description: FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern
Source: cve@mitre.org
NVD status: Modified
CNA Tags: disputed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-384

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71429C12-3A4D-4412-9550-E791883A7E2C"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "865A81F2-D9BD-47DC-A635-EA3B122CB66A"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52E797DF-4F3A-464D-B49E-142292C95DF1"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4E97AAF-77F5-4BC4-8857-C3966EA117B0"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0115B8E-7AD4-41D7-A785-DB3441CEF886"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25AD72D4-CF70-46BC-A980-ED2C8859A128"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE4789CE-5BAE-42A3-B8A1-7C22DB2726A3"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7BA432C-89F2-4207-B867-05B7C386F5A7"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B320E94F-1110-441C-A8A1-CDB3D8E6C0E7"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EC763F1-5B71-494C-8E8C-A3AB6D90248C"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F71E457-DC39-4FFC-87FB-FBC187D1C8D8"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D3E80C7-5169-4241-A0D2-44DDAB632390"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67B9782C-BDD1-4D54-9851-A92FB1AEC3BE"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F8BBE22-BBAC-42E8-97FD-5948CED7169A"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C012151-B96A-45E8-A915-D42511EECB88"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47014414-E33A-4F0E-A176-776D73F2B900"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "027670DD-56FD-4CC1-9C2C-0AB7876E8B1B"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64FB1C5-B46C-4C9B-A9B3-19FA365C6957"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E5243F6-793F-4674-9460-6E47D8017F03"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4183CD99-9C98-49C5-AD08-29EAEB6FB8EA"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49C8B89B-CBD5-4917-8841-4D338F2726CD"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22800DB4-7B42-4CDF-98DF-28E3EC8A47AA"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FFECE21-6D83-4F86-9FDC-1CDA11346469"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D702655E-1F3C-4C25-BB25-E121C3559877"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B71CD3-6BFE-437F-83CE-C3CE7251F427"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86C97475-0869-492E-A87E-78CFBC612C22"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36AFE514-CD16-4F0F-B6F1-6F24C7D54D05"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D100DB3-C496-441B-B86E-AC754F59AE03"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C5CE49B-C5EA-4E3D-9163-C5A375E01E3C"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEAF3C72-652F-4FD2-97E3-C0046000D861"
          },
          {
            "criteria": "cpe:2.3:a:freeipa:freeipa:4.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47653A5A-BC24-4F29-963F-37216CE3F892"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References