Home > Vulnerability Database > CVE-2019-14826

Mend.io Vulnerability Database

CVE-2019-14826

Good to know:

Date: September 17, 2019

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Language: Python

Severity Score

4.4

Related Resources (6)

Url: https://security-tracker.debian.org/tracker/CVE-2019-14826

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-14826

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14826

Url: https://access.redhat.com/security/cve/CVE-2019-14826

Url: https://www.mend.io/vulnerability-database/CVE-2019-14826

Severity Score

4.4

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

Top Fix

Upgrade Version

Upgrade to version freeipa - 4.8.2

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-14826

Good to know:

Date: September 17, 2019

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?