CVE-2017-11191

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-11191

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11191.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-11191

Published

2017-09-28T01:29:01.123Z

Modified

2026-04-10T03:56:28.203839Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern

References

http://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html

Affected packages

Git / github.com/freeipa/freeipa

Affected ranges

Type

GIT

Repo

https://github.com/freeipa/freeipa

Events

Introduced

Last affected

1e58588ec274d5da0f020b2c6af2824313ea0ea7

Introduced

Last affected

a33492da73ac975173c8470f32d32c34b3427b81

Introduced

Last affected

52cf28aae6b51eadb0bf596f9a306647c750632f

Introduced

Last affected

c436352e14a7d3ac4f4cf8888454c6749ddd2f13

Introduced

Last affected

c55f1530c80cf0ce5857b98826f1f47bc6d55fe9

Introduced

Last affected

65a0b586ef72318bf3821a5252f89606e907fa56

Introduced

Last affected

5bcaea7e61da677551e415bf370459b760598ea7

Introduced

Last affected

02ccfa156380aa97561f191a533de83b668a57f1

Introduced

Last affected

ee01ea7e97b96384076befa3074596afd556f492

Introduced

Last affected

7f560c5da14ad36ce9c3d9f17aac756c093ad659

Introduced

Last affected

1b46faded422b059996362b9df7fcf1e65283468

Introduced

Last affected

218de5bff792f5ac40d9b3eebc22f19696e5091e

Introduced

Last affected

60fe517c9b4cc8e6d96605043b2c7685b39bc0ab

Introduced

Last affected

06cedeec3fb4ac2d9de76c5090ffa75d5076c63c

Introduced

Last affected

f6f1a21a6a07879028d58700a5887b4d6cf72912

Introduced

Last affected

a1d3bafcbdb7a100953e61fe42daa1d4cd97ed54

Introduced

Last affected

b402a8dc0fe0ff567a61c7ddde26f66e4f470e24

Introduced

Last affected

43d5c02f8ccb69e07238ac988b849c3722af877c

Introduced

Last affected

78a6434e323ebc357472745d97627065ae5b8169

Introduced

Last affected

d1b59d5dac1c8d2d6edf3e22aadc30fddb2e56e0

Introduced

Last affected

4c1d737656f117a85845fdcd49cbe71459d392e7

Introduced

Last affected

5a3c3c73c2a59c3f42aefa90feef72a774edd1dc

Introduced

Last affected

3c542b987860322ca50cfd2e4eb8827b79071d9e

Introduced

Last affected

097ff54ebcb23e6438b3bf8022f7a66dd1e13aaa

Introduced

Last affected

92fb05c41f3c7f639238928599f26277dafa7fcf

Introduced

Last affected

a0947d94c8f478d57fd20ffbcfe8bde7ee2ba80c

Introduced

Last affected

9587efb317ac96d49457b16db2efa004924ad363

Introduced

Last affected

e89e825178741de042ca9ed9b603613a73113542

Introduced

Last affected

5083a97f88545b876e9e5fdada35b31b992f9dbe

Introduced

Last affected

59e4bc285390886422d5e15314fa8e2fac1cc4bd

Introduced

Last affected

152881ed191b6d26eff99a8d344822b3f4c90065

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.6.1"
        }
    ]
}

Affected versions

Other

alpha-1-9-0

alpha_1-4-1-0

alpha_1-4-2-0

alpha_1-4-4-0

alpha_2-1-9-0

alpha_3-1-9-0

alpha_4-1-9-0

alpha_5-1-9-0

alpha_5-1-9-0-1

beta_1-2-0-0

beta_1-3-0-0

beta_1-3-2-0

beta_1-3-3-0

beta_2-3-0-0

beta_2-3-3-0

milestone_2

milestone_3

milestone_4

milestone_4_1

milestone_6

rc_1-2-0-0

rc_2-2-0-0

rc_3-2-0-0

release-1-0-0

release-1-1-0

release-2-0-0

release-2-1-0

release-3-1-0

release-3-2-0

release-3-2-0-pre1

release-3-3-0

release-4-0-0

release-4-0-1

release-4-0-2

release-4-0-3

release-4-0-4

release-4-0-5

release-4-1-0

release-4-1-1

release-4-1-2

release-4-1-3

release-4-1-4

release-4-2-0

release-4-2-1

release-4-2-2

release-4-2-3

release-4-2-4

release-4-3-0

release-4-3-1

release-4-3-2

release-4-3-3

release-4-4-0

release-4-4-1

release-4-4-2

release-4-4-3

release-4-4-4

release-4-5-0

release-4-5-1

release-4-5-2

release-4-5-3

release-4-6-0

release-4-6-1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11191.json"