vulnerability

Alma Linux: CVE-2023-5455: Moderate: idm:DL1 security update (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:C/A:N)	Jan 10, 2024	Jan 15, 2024	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Published

Jan 10, 2024

Added

Jan 15, 2024

Modified

Aug 11, 2025

Description

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

Solutions

alma-upgrade-bind-dyndb-ldapalma-upgrade-custodiaalma-upgrade-ipa-clientalma-upgrade-ipa-client-commonalma-upgrade-ipa-client-epnalma-upgrade-ipa-client-sambaalma-upgrade-ipa-commonalma-upgrade-ipa-healthcheckalma-upgrade-ipa-healthcheck-corealma-upgrade-ipa-python-compatalma-upgrade-ipa-selinuxalma-upgrade-ipa-serveralma-upgrade-ipa-server-commonalma-upgrade-ipa-server-dnsalma-upgrade-ipa-server-trust-adalma-upgrade-opendnssecalma-upgrade-python3-custodiaalma-upgrade-python3-ipaclientalma-upgrade-python3-ipalibalma-upgrade-python3-ipaserveralma-upgrade-python3-ipatestsalma-upgrade-python3-jwcryptoalma-upgrade-python3-kdcproxyalma-upgrade-python3-pyusbalma-upgrade-python3-qrcodealma-upgrade-python3-qrcode-corealma-upgrade-python3-yubicoalma-upgrade-slapi-nisalma-upgrade-softhsmalma-upgrade-softhsm-devel

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today