CVE-2023-5455

high-risk

Published 2024-01-10

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Freeipa

Fedora

Codeready Linux Builder

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux For Arm 64 Eus

Affected Vendors

Redhat Fedoraproject Freeipa

References (33)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0137

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0138

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0139

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0140

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0141

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0142

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0143

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0144

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0145

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-5455

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2242828

Release Notes https://www.freeipa.org/release-notes/4-10-3.html

Release Notes https://www.freeipa.org/release-notes/4-11-1.html

Release Notes https://www.freeipa.org/release-notes/4-6-10.html

Release Notes https://www.freeipa.org/release-notes/4-9-14.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0137

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0138

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0139

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0140

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0141

and 13 more references

/ 100

high-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 26/34 · High