CVE-2023-5455

Source
https://cve.org/CVERecord?id=CVE-2023-5455
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5455.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5455
Published
2024-01-10T13:15:48.643Z
Modified
2026-04-02T09:47:50.690137Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
[none]
Details

A cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that, for certain HTTP endpoints, FreeIPA does not ensure CSRF protection. Due to implementation details, one cannot use this flaw for reflection of a cookie representing an already logged-in user. An attacker would always have to go through a new authentication attempt.

Affected packages

Git / github.com/freeipa/freeipa

Affected ranges

Type
GIT
Repo
https://github.com/freeipa/freeipa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.6.10"
        },
        {
            "introduced": "4.7.0"
        },
        {
            "fixed": "4.9.14"
        },
        {
            "introduced": "4.10.0"
        },
        {
            "fixed": "4.10.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.11.0-NA"
        }
    ]
}

Affected versions

Other
alpha-1-9-0
alpha_1-2-1-90
alpha_1-4-1-0
alpha_1-4-2-0
alpha_1-4-4-0
alpha_2-1-9-0
alpha_2-2-1-90
alpha_3-1-9-0
alpha_4-1-9-0
alpha_5-1-9-0
alpha_5-1-9-0-1
beta_1-2-0-0
beta_1-3-0-0
beta_1-3-2-0
beta_1-3-3-0
beta_1-4-11-0
beta_2-2-0-0
beta_2-3-0-0
beta_2-3-3-0
beta_3-3-0-0
milestone_2
milestone_3
milestone_4
milestone_4_1
milestone_6
rc_1-2-0-0
rc_1-2-1-90
rc_1-3-0-0
rc_2-2-0-0
rc_2-3-0-0
rc_3-2-0-0
rc_4-7-0-1
rc_4-7-0-2
rc_4-8-0-1
rc_4-9-0-1
rc_4-9-0-2
rc_4-9-0-3
release-1-0-0
release-1-0-0-a
release-1-0-0-b
release-1-1-0
release-1-1-1
release-1-2-0
release-1-2-1
release-1-2-2
release-2-0-0
release-2-0-1
release-2-1-0
release-2-1-1
release-2-1-2
release-2-1-3
release-2-1-4
release-2-2-0
release-2-2-1
release-3-0-0
release-3-0-1
release-3-0-2
release-3-1-0
release-3-1-1
release-3-1-2
release-3-1-3
release-3-1-4
release-3-1-5
release-3-2-0
release-3-2-0-pre1
release-3-2-1
release-3-2-2
release-3-3-0
release-3-3-1
release-3-3-2
release-3-3-3
release-3-3-4
release-3-3-5
release-4-0-0
release-4-0-1
release-4-0-2
release-4-0-3
release-4-0-4
release-4-0-5
release-4-1-0
release-4-1-1
release-4-1-2
release-4-1-3
release-4-1-4
release-4-1-5
release-4-10-0
release-4-10-1
release-4-10-2
release-4-11-0
release-4-12-0
release-4-12-1
release-4-12-2
release-4-12-3
release-4-12-4
release-4-12-5
release-4-13-0
release-4-13-1
release-4-2-0
release-4-2-1
release-4-2-2
release-4-2-3
release-4-2-4
release-4-3-0
release-4-3-1
release-4-3-2
release-4-3-3
release-4-4-0
release-4-4-1
release-4-4-2
release-4-4-3
release-4-4-4
release-4-5-0
release-4-5-1
release-4-5-2
release-4-5-3
release-4-5-4
release-4-6-0
release-4-6-1
release-4-6-2
release-4-6-3
release-4-6-4
release-4-6-5
release-4-6-6
release-4-6-7
release-4-6-8
release-4-6-9
release-4-7-0
release-4-7-1
release-4-7-2
release-4-7-3
release-4-7-4
release-4-7-5
release-4-8-0
release-4-8-1
release-4-8-10
release-4-8-2
release-4-8-3
release-4-8-4
release-4-8-5
release-4-8-6
release-4-8-7
release-4-8-8
release-4-8-9
release-4-9-0
release-4-9-1
release-4-9-10
release-4-9-11
release-4-9-12
release-4-9-13
release-4-9-2
release-4-9-3
release-4-9-4
release-4-9-5
release-4-9-6
release-4-9-7
release-4-9-8
release-4-9-9
release-2.*
release-2.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5455.json"