Upstream information
CVE-2019-10195 at MITRE
Description
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
CVSS v2 Scores
| CVSS detail | National Vulnerability Database |
| Base Score | 4 |
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
CVSS v3 Scores
| CVSS detail | National Vulnerability Database |
| Base Score | 6.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
| SUSE Liberty Linux 7 | ipa-client >= 4.6.5-11.el7_7.4<br>ipa-client-common >= 4.6.5-11.el7_7.4<br>ipa-common >= 4.6.5-11.el7_7.4<br>ipa-python-compat >= 4.6.5-11.el7_7.4<br>ipa-server >= 4.6.5-11.el7_7.4<br>ipa-server-common >= 4.6.5-11.el7_7.4<br>ipa-server-dns >= 4.6.5-11.el7_7.4<br>ipa-server-trust-ad >= 4.6.5-11.el7_7.4<br>python2-ipaclient >= 4.6.5-11.el7_7.4<br>python2-ipalib >= 4.6.5-11.el7_7.4<br>python2-ipaserver >= 4.6.5-11.el7_7.4 | Patchnames: RHSA-2020:0378 |
| SUSE Liberty Linux 8 | bind-dyndb-ldap >= 11.1-14.module+el8.1.0+4098+f286395e<br>custodia >= 0.6.0-3.module+el8.1.0+4098+f286395e<br>ipa-client >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-client-common >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-client-samba >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-common >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-healthcheck >= 0.3-4.module+el8.1.0+4098+f286395e<br>ipa-idoverride-memberof-plugin >= 0.0.4-6.module+el8.1.0+4098+f286395e<br>ipa-python-compat >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-server >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-server-common >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-server-dns >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>ipa-server-trust-ad >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>opendnssec >= 1.4.14-1.module+el8.1.0+4098+f286395e<br>python3-custodia >= 0.6.0-3.module+el8.1.0+4098+f286395e<br>python3-ipaclient >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>python3-ipalib >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>python3-ipaserver >= 4.8.0-13.module+el8.1.0+4923+c6efe041<br>python3-jwcrypto >= 0.5.0-1.module+el8.1.0+4098+f286395e<br>python3-kdcproxy >= 0.4-3.module+el8.1.0+4098+f286395e<br>python3-pyusb >= 1.0.0-9.module+el8.1.0+4098+f286395e<br>python3-qrcode >= 5.1-12.module+el8.1.0+4098+f286395e<br>python3-qrcode-core >= 5.1-12.module+el8.1.0+4098+f286395e<br>python3-yubico >= 1.3.2-9.module+el8.1.0+4098+f286395e<br>slapi-nis >= 0.56.3-2.module+el8.1.0+4098+f286395e<br>softhsm >= 2.4.0-2.module+el8.1.0+4098+f286395e<br>softhsm-devel >= 2.4.0-2.module+el8.1.0+4098+f286395e | Patchnames: RHBA-2019:4268 |
SUSE Timeline for this CVE
CVE page created: Wed Nov 27 04:31:24 2019
CVE page last modified: Thu Apr 16 13:51:02 2026