A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826 | Issue Tracking Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-09-17 16:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-14826
Mitre link : CVE-2019-14826
CVE.ORG link : CVE-2019-14826
JSON object : View
Products Affected
freeipa
- freeipa
redhat
- enterprise_linux
CWE
CWE-613
Insufficient Session Expiration