diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-13 14:54:59 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-13 14:57:25 +0200 |
| commit | cddba0eebb8cf749913ca05186e383658d6bc4c6 (patch) | |
| tree | 6e5ae54f123b1d0be4f74a8b41d2306e9c82c40a /data | |
| parent | 81a9ece68590bd13f9cba4397fad1bb50819e76f (diff) | |
Update state for old CVE-2019-14826/freeipa
The security risk is negligible as the vulnerability to be exposed would
need someone to access FreeIPA in a non-standard fashion with an
insecure web browser or a client application that stores and shares
excessive debugging information.
The issue does not seem to be going to be addressed upstream, so demote
the severity to unimportant and negligible security impact.
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index c4193f3abb..274e041eed 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -149806,11 +149806,12 @@ CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...) - moodle <removed> CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...) - - freeipa <unfixed> (bug #940913) - [buster] - freeipa <no-dsa> (Minor issue) + - freeipa <unfixed> (unimportant; bug #940913) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944 NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682. + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12 + NOTE: Negligible security impact CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...) NOT-FOR-US: Katello CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...) |