We found results for “”
CVE-2020-10747
Date: June 17, 2020
A vulnerability was found in FreeIPA. An account created with a name corresponding to an account local to a system, such as 'root', could access any enrolled machine with that account, with local system privileges. This also bypasses the absence of explicit HBAC rules. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity Score
Severity Score
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |