ipa-4.6.8-5.16.0.1.el7.AXS7
エラータID: AXSA:2024-7410:02
Asianux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Security Fix(es):
* ipa: Invalid CSRF protection (CVE-2023-5455)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.
Update packages.
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.
N/A
SRPMS
- ipa-4.6.8-5.16.0.1.el7.AXS7.src.rpm
MD5: 5139c5f03f17853f8909edc3ce94ce71
SHA-256: f3b3c35a9b4c8e719efd0aa6ead3f719b979c1d295ba52ab16d27cc97a82df16
Size: 11.04 MB
Asianux Server 7 for x86_64
- ipa-client-4.6.8-5.16.0.1.el7.AXS7.x86_64.rpm
MD5: 17f918a1e0bf7ac77547a1918a1714ba
SHA-256: 9372cfb05b9c75d7a2bcb94431cde6e83bd3219a0d6858cca153298307f8404b
Size: 291.14 kB - ipa-client-common-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: f44a9e9d398fb8b15cb61ca5ed952aec
SHA-256: c66a4c4a63d8523603f2b2ea045ad0acced3f462bddcbfc8cb11d4b5b65e3e44
Size: 196.66 kB - ipa-common-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: 315a86f056f6cb4d673a2ddb82138181
SHA-256: 39df130bb714e0828e88aac07ab27ae4fada8abca8bf609c50803faffbb0e366
Size: 622.86 kB - ipa-python-compat-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: 492005d8aeff26dbfeb837a328165905
SHA-256: 90e97d0460a4ca28e7ca4506a144419ddeedafe845cbcb10de5d9a176af04574
Size: 190.52 kB - ipa-server-4.6.8-5.16.0.1.el7.AXS7.x86_64.rpm
MD5: 78da6fea1a5f2849477171a386bb01d6
SHA-256: 07175901b228445aff1c74cfbbd3b5570c3555a37533395bee64c40fd4441f38
Size: 534.19 kB - ipa-server-common-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: 10fd88a237ffe9924eb15d17f12d610c
SHA-256: 4026f1e038e346a89551a62fe5e62a0e07f0ef48dd21706fa2407202987a8afd
Size: 707.76 kB - ipa-server-dns-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: a268c3621d8267f8e0f5581f58e316f8
SHA-256: b2e62d8d0ea4c7b1c14c6d7474deaaa8cbb85df2b6210eaa317b6e080480acfb
Size: 194.42 kB - ipa-server-trust-ad-4.6.8-5.16.0.1.el7.AXS7.x86_64.rpm
MD5: cd22ee3ad3b805705b85859d18bfc832
SHA-256: 87520e5aa0f5d73f17fcfb9094059354c281cd04dfc15e4cf977002c73642ace
Size: 284.67 kB - python2-ipaclient-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: ab7d6fb2daecc4ed913aee06087a315b
SHA-256: f5c9b31648ddc936f6c86f054fdd3777fe57d7108c702c575db36cf280849fe7
Size: 706.06 kB - python2-ipalib-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: bb74aef2839349eb548750ba7a0e9397
SHA-256: 975424d1bd185dc471a4c374e92d5131d16e11c1630d169410888013012aa454
Size: 688.05 kB - python2-ipaserver-4.6.8-5.16.0.1.el7.AXS7.noarch.rpm
MD5: 53d8f7b8f392df4772b395f03514cf5f
SHA-256: aefe9ccce7c6a390ca8b23d7a226e966f3482c19b097a25f3c30fd0018be6f53
Size: 1.54 MB
日本語