[Git][security-tracker-team/security-tracker][master] Update state for old CVE-2019-14826/freeipa
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 13 13:57:54 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cddba0ee by Salvatore Bonaccorso at 2021-10-13T14:57:25+02:00
Update state for old CVE-2019-14826/freeipa
The security risk is negligible as the vulnerability to be exposed would
need someone to access FreeIPA in a non-standard fashion with an
insecure web browser or a client application that stores and shares
excessive debugging information.
The issue does not seem to be going to be addressed upstream, so demote
the severity to unimportant and negligible security impact.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -149806,11 +149806,12 @@ CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6
CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...)
- moodle <removed>
CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...)
- - freeipa <unfixed> (bug #940913)
- [buster] - freeipa <no-dsa> (Minor issue)
+ - freeipa <unfixed> (unimportant; bug #940913)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944
NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c
NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682.
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12
+ NOTE: Negligible security impact
CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...)
NOT-FOR-US: Katello
CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
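Review bot: The two added NOTE lines at the end of the CVE-2019-14826 entry record the new classification but not the reason for it, which currently lives only in the commit message. The added "NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12" points at the same bug as the existing "NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944" a few lines above, so a reader of data/CVE/list cannot tell why comment 12 is singled out. Consider folding the rationale into the final note, for example "NOTE: Negligible security impact, exposure needs non-standard access with an insecure browser or a client storing excessive debug information; not going to be addressed upstream, see #c12", so the entry explains the "unimportant" tag on the freeipa line without requiring a look at the commit log.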
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cddba0eebb8cf749913ca05186e383658d6bc4c6