Description
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/attachment.cgi?id=1184610
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1360757
Scores
CVSS v3
7.5
EPSS
0.0103
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (1)
freeipa/freeipa
4.4.0
Published
Jun 27, 2017
Tracked Since
Feb 18, 2026