CVE-2019-14826

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Published: Sep 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-14826
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-613

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
freeipa / freeipa	4.5.0	4.5.0.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826

Vulnerability Database

289,599

CVE-2019-14826