CVE-2019-14826
First published: Tue Sep 17 2019(Updated: )
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat FreeIPA | >=4.5.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14826?
CVE-2019-14826 is considered a high severity vulnerability due to the potential for session hijacking.
How do I fix CVE-2019-14826?
To fix CVE-2019-14826, upgrade FreeIPA to the latest version that addresses this vulnerability.
What versions are affected by CVE-2019-14826?
CVE-2019-14826 affects FreeIPA versions 4.5.0 and later.
What is the primary issue with CVE-2019-14826?
The primary issue with CVE-2019-14826 is session cookies being retained in the cache after logout, allowing unauthorized access.
Can CVE-2019-14826 be exploited remotely?
Yes, CVE-2019-14826 can be exploited remotely if an attacker obtains previously valid session cookies.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freeipa
- canonical/red hat freeipa
- version/red hat freeipa/4.5.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0