vulnerability
Red Hat: CVE-2024-11029: freeipa: Administrative user data leaked through systemd journal (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | 2025-01-15 | 2025-01-16 | 2025-03-19 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
2025-01-15
Added
2025-01-16
Modified
2025-03-19
Description
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
Solution(s)
redhat-upgrade-ipa-clientredhat-upgrade-ipa-client-commonredhat-upgrade-ipa-client-debuginforedhat-upgrade-ipa-client-epnredhat-upgrade-ipa-client-sambaredhat-upgrade-ipa-commonredhat-upgrade-ipa-debuginforedhat-upgrade-ipa-debugsourceredhat-upgrade-ipa-selinuxredhat-upgrade-ipa-selinux-lunaredhat-upgrade-ipa-selinux-nfastredhat-upgrade-ipa-serverredhat-upgrade-ipa-server-commonredhat-upgrade-ipa-server-debuginforedhat-upgrade-ipa-server-dnsredhat-upgrade-ipa-server-trust-adredhat-upgrade-ipa-server-trust-ad-debuginforedhat-upgrade-python3-ipaclientredhat-upgrade-python3-ipalibredhat-upgrade-python3-ipaserverredhat-upgrade-python3-ipatests
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.