CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0137	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0138	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0139	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0140	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0141	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0142	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0143	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0144	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0145	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0252	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5455	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242828	Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/	Mailing List
https://www.freeipa.org/release-notes/4-10-3.html	Release Notes
https://www.freeipa.org/release-notes/4-11-1.html	Release Notes
https://www.freeipa.org/release-notes/4-6-10.html	Release Notes
https://www.freeipa.org/release-notes/4-9-14.html	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:freeipa:freeipa::::::::
	cpe:2.3:a:freeipa:freeipa::::::::
	cpe:2.3:a:freeipa:freeipa::::::::
	cpe:2.3:a:freeipa:freeipa:4.11.0:-::::::
	cpe:2.3:a:freeipa:freeipa:4.11.0:beta1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:9.0::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux_server:9.2::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_ibm_z_systems:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

20 Feb 2024, 19:05

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 6.5
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ - Mailing List
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ - Mailing List

26 Jan 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ -

26 Jan 2024, 01:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ -

17 Jan 2024, 01:41

15 Jan 2024, 21:15

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de Cross-site request forgery en ipa/session/login_password en todas las versiones compatibles de IPA. Este fallo permite a un atacante engañar al usuario para que envíe una solicitud que podría realizar acciones como el usuario, lo que resulta en una pérdida de confidencialidad e integridad del sistema. Durante las pruebas de penetración de la comunidad, se descubrió que para ciertos endpoints HTTP, FreeIPA no garantizan la protección CSRF. Debido a los detalles de implementación, no se puede utilizar este fallo para reflejar una cookie que represente a un usuario que ya inició sesión. Un atacante siempre tendría que realizar un nuevo intento de autenticación.
References		() https://access.redhat.com/errata/RHSA-2024:0252 -

10 Jan 2024, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0137 - () https://access.redhat.com/errata/RHSA-2024:0138 - () https://access.redhat.com/errata/RHSA-2024:0139 - () https://access.redhat.com/errata/RHSA-2024:0140 - () https://access.redhat.com/errata/RHSA-2024:0141 - () https://access.redhat.com/errata/RHSA-2024:0142 - () https://access.redhat.com/errata/RHSA-2024:0143 - () https://access.redhat.com/errata/RHSA-2024:0144 - () https://access.redhat.com/errata/RHSA-2024:0145 -

10 Jan 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-10 13:15

Updated : 2024-02-20 19:05

NVD link : CVE-2023-5455

Mitre link : CVE-2023-5455

CVE.ORG link : CVE-2023-5455

JSON object : View

Products Affected

redhat

enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_desktop
enterprise_linux_server_tus
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_workstation
codeready_linux_builder
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
enterprise_linux
enterprise_linux_for_ibm_z_systems
enterprise_linux_update_services_for_sap_solutions
enterprise_linux_for_power_big_endian
enterprise_linux_for_power_little_endian
enterprise_linux_for_arm_64_eus
enterprise_linux_for_scientific_computing
enterprise_linux_server_for_ibm_z_systems
enterprise_linux_eus

freeipa

freeipa

fedoraproject

fedora

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

6.5 /10