CVE-2024-11029

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:0334
https://access.redhat.com/security/cve/CVE-2024-11029
https://bugzilla.redhat.com/show_bug.cgi?id=2325557

Configurations

No configuration.

History

15 Jan 2025, 14:15

Type	Values Removed	Values Added
Summary		(es) Se encontró un fallo en la auditoría de la API de FreeIPA, donde envía toda la línea de comandos de FreeIPA a journalctl. Como consecuencia, durante el proceso de instalación de FreeIPA, filtra inadvertidamente las credenciales de usuario administrativo, incluida la contraseña de administrador, a la base de datos del diario. En el peor de los casos, donde el registro del diario está centralizado, los usuarios con acceso a él pueden tener acceso indebido a las credenciales de administrador de FreeIPA.
References		() https://access.redhat.com/errata/RHSA-2025:0334 -

15 Jan 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 13:15

Updated : 2025-01-15 14:15

NVD link : CVE-2024-11029

Mitre link : CVE-2024-11029

CVE.ORG link : CVE-2024-11029

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

5.5 /10