CVE-2019-14826
low-risk
Published 2019-09-17
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Do I need to act?
-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.4/10
Medium
LOCAL
/ LOW complexity
Affected Products (3)
References (2)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826
24
/ 100
low-risk
Severity
15/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
9/34 · Low