CVE-2017-2590
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-2590
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2590.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-2590
- Related
- Published
- 2018-07-27T18:29:00Z
- Modified
- 2025-01-14T07:10:26.962586Z
- Downstream
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
- References
Affected packages
Git / github.com/freeipa/freeipa
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freeipa/freeipa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
alpha-1-9-0
alpha_1-4-2-0
alpha_1-4-4-0
alpha_2-1-9-0
alpha_3-1-9-0
alpha_4-1-9-0
alpha_5-1-9-0
alpha_5-1-9-0-1
beta_1-2-0-0
beta_1-3-0-0
beta_1-3-2-0
beta_1-3-3-0
beta_2-3-0-0
beta_2-3-3-0
milestone_2
milestone_3
milestone_4
milestone_4_1
milestone_6
rc_1-2-0-0
rc_2-2-0-0
rc_3-2-0-0
release-1-0-0
release-1-1-0
release-2-0-0
release-2-1-0
release-3-1-0
release-3-2-0
release-3-2-0-pre1
release-3-3-0
release-4-0-0
release-4-2-0