From cddba0eebb8cf749913ca05186e383658d6bc4c6 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Wed, 13 Oct 2021 14:54:59 +0200
Subject: Update state for old CVE-2019-14826/freeipa

The security risk is negligible, as the vulnerability to be exposed would need someone to access FreeIPA in a non-standard fashion with an insecure web browser or a client application that stores and shares excessive debugging information.

The issue does not seem likely to be addressed upstream, so demote the severity to unimportant and negligible security impact.
---
 data/CVE/list | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list index c4193f3abb..274e041eed 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -149806,11 +149806,12 @@ CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...) - moodle CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...) - - freeipa (bug #940913) - [buster] - freeipa (Minor issue) + - freeipa (unimportant; bug #940913) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944 NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682. + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12 + NOTE: Negligible security impact CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...) NOT-FOR-US: Katello CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
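Review bot: the added `NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12` line in the CVE-2019-14826 hunk is a near-duplicate of the existing `NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944` a few lines above it, differing only in the comment anchor; either fold the anchor into the existing line or say what comment 12 establishes, e.g. `NOTE: Unlikely to be fixed upstream, see https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12`. The bare `NOTE: Negligible security impact` has the same problem: the reason given in the commit message (exposure needs non-standard access with an insecure browser, or a client that stores and shares excessive debugging output) belongs in the NOTE itself so a reader of data/CVE/list can see why the entry is `unimportant` without following the link. Dropping the `[buster] - freeipa (Minor issue)` line is consistent with the change, since a per-suite annotation adds nothing once the package entry itself is marked unimportant.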