CVE-2011-3636

FreeIPA < 2.1.4 - Cross-Site Request Forgery in Management Interface

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

References (1)

Core 1
Core References
Various Sources x_refsource_confirm
http://freeipa.org/page/IPAv2_214

Scores

EPSS 0.0084
EPSS Percentile 53.5%

Details

CWE
CWE-352
Status published
Products (16)
redhat/freeipa 0.99
redhat/freeipa 0.99698-20080228
redhat/freeipa 0.99698641-20080218
redhat/freeipa 1.0.0 (3 CPE variants)
redhat/freeipa 1.1.0
redhat/freeipa 1.1.1
redhat/freeipa 1.2.0
redhat/freeipa 1.2.1
redhat/freeipa 1.2.2
redhat/freeipa 1.9.0 pre1 (5 CPE variants)
... and 6 more
Published Dec 08, 2011
Tracked Since Feb 18, 2026