Vulnerability Database

CVE-2011-3636

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

  • Published: Dec 8, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-3636
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| redhat / freeipa | 1.2.2 | 1.2.2.x |
| redhat / freeipa | 1.1.0 | 1.1.0.x |
| redhat / freeipa | 2.1.0 | 2.1.0.x |
| redhat / freeipa | 2.0.0-rc2 | 2.0.0-rc2.x |
| redhat / freeipa | 2.1.1 | 2.1.1.x |
| redhat / freeipa | 2.0.0-rc3 | 2.0.0-rc3.x |
| redhat / freeipa | 1.2.1 | 1.2.1.x |
| redhat / freeipa | 1.0.0-b | 1.0.0-b.x |
| redhat / freeipa | 1.9.0-pre1 | 1.9.0-pre1.x |
| redhat / freeipa | 1.9.0-pre5 | 1.9.0-pre5.x |
| redhat / freeipa | 0.99 | 0.99.x |
| redhat / freeipa | 2.0.0-pre2 | 2.0.0-pre2.x |
| redhat / freeipa | 2.0.0-pre1 | 2.0.0-pre1.x |
| redhat / freeipa | 1.0.0 | 1.0.0.x |
| redhat / freeipa | 2.0.1 | 2.0.1.x |
| redhat / freeipa | 0.99698641-20080218 | 0.99698641-20080218.x |
| redhat / freeipa | 1.0.0-a | 1.0.0-a.x |
| redhat / freeipa | 0.99698-20080228 | 0.99698-20080228.x |
| redhat / freeipa | 1.9.0-pre2 | 1.9.0-pre2.x |
| redhat / freeipa | 1.1.1 | 1.1.1.x |
| redhat / freeipa | 1.9.0-pre3 | 1.9.0-pre3.x |
| redhat / freeipa | - | 2.1.3.x |
| redhat / freeipa | 2.0.0 | 2.0.0.x |
| redhat / freeipa | 2.1.2 | 2.1.2.x |
| redhat / freeipa | 1.2.0 | 1.2.0.x |
| redhat / freeipa | 1.9.0-pre4 | 1.9.0-pre4.x |
| redhat / freeipa | 2.0.0-rc1 | 2.0.0-rc1.x |