CVE-2019-14826

MEDIUM

FreeIPA >= 4.5.0 - Insufficient Session Expiration


Description

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker who obtains previously valid session cookies could abuse this flaw to gain access to the session.

References (1)

Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826

Scores

CVSS v3 4.4
EPSS 0.0011
EPSS Percentile 29.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-613
Status published
Products (3)
freeipa/freeipa 4.5.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
Published Sep 17, 2019
Tracked Since Feb 18, 2026