CVE-2017-2590

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-2590
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2590.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-2590
Related
Published
2018-07-27T18:29:00Z
Modified
2025-01-14T07:10:26.962586Z
Downstream
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

References

Affected packages

Git / github.com/freeipa/freeipa

Affected ranges

Type
GIT
Repo
https://github.com/freeipa/freeipa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

alpha-1-9-0
alpha_1-4-2-0
alpha_1-4-4-0
alpha_2-1-9-0
alpha_3-1-9-0
alpha_4-1-9-0
alpha_5-1-9-0
alpha_5-1-9-0-1
beta_1-2-0-0
beta_1-3-0-0
beta_1-3-2-0
beta_1-3-3-0
beta_2-3-0-0
beta_2-3-3-0
milestone_2
milestone_3
milestone_4
milestone_4_1
milestone_6
rc_1-2-0-0
rc_2-2-0-0
rc_3-2-0-0
release-1-0-0
release-1-1-0
release-2-0-0
release-2-1-0
release-3-1-0
release-3-2-0
release-3-2-0-pre1
release-3-3-0
release-4-0-0
release-4-2-0