CVE-2024-11029
EUVD-2024-3437815.01.2025, 13:15
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Debian Releases
Ubuntu Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| ipa-client |
| ||
| ipa-client-common |
| ||
| ipa-client-epn |
| ||
| ipa-client-samba |
| ||
| ipa-common |
| ||
| ipa-selinux |
| ||
| ipa-selinux-luna |
| ||
| ipa-selinux-nfast |
| ||
| ipa-server |
| ||
| ipa-server-common |
| ||
| ipa-server-dns |
| ||
| ipa-server-trust-ad |
| ||
| python3-ipaclient |
| ||
| python3-ipalib |
| ||
| python3-ipaserver |
| ||
| python3-ipatests |
|