CVE-2023-5455

Summary

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 70:4.6.8-5.el7_9.16 < *unaffected
Red HatRed Hat Enterprise Linux 88090020231201152514.3387e3d0 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020231123154806.792f4060 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Telecommunications Update Service8020020231123154806.792f4060 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions8020020231123154806.792f4060 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020231123154610.5b01ab7e < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service8040020231123154610.5b01ab7e < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions8040020231123154610.5b01ab7e < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support8060020231208020207.ada582f1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020231201153604.b0a6ceea < *unaffected
Red HatRed Hat Enterprise Linux 90:4.10.2-5.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support0:4.9.8-9.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:4.10.1-10.el9_2 < *unaffected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

Workarounds

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References