I. Basic Information for CVE-2023-5455
Vulnerability Information
Vulnerability Title
IPA: invalid CSRF protection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. The flaw allows an attacker to trick a user into submitting a request that performs actions as that user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that FreeIPA does not enforce CSRF protection for certain HTTP endpoints. Due to implementation details, the flaw cannot be used to reuse the cookie of an already logged-in user; an attacker would always have to go through a new authentication attempt.
Source: NVD (National Vulnerability Database)
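The description above names the unprotected endpoint and the practical limit of the flaw (no reuse of an existing session cookie; the forged request has to be a fresh login). The block below is an added example, not FreeIPA's own code and not the upstream fix: it shows the kind of same-origin gate that stops a cross-site POST from reaching a login endpoint, and runs the same gate over a few constructed Apache access-log lines to triage past traffic. The server origin, the second protected path, the IP addresses and the log lines are all assumptions made up for the example.

```python
"""
Added example (not FreeIPA's code): a same-origin gate for state-changing
endpoints such as /ipa/session/login_password, plus a triage pass over
constructed Apache access-log lines. Origin, hosts and logs are assumptions.
"""
import re
from urllib.parse import urlsplit

# Assumed server origin; a real deployment takes this from its own URL.
SERVER_ORIGIN = "https://ipa.example.test"

# Paths that create a session or change state and therefore must only be
# reachable from the server's own origin. The login endpoint is the one named
# in CVE-2023-5455; the second path is an illustrative assumption.
PROTECTED_PATHS = {
    "/ipa/session/login_password",
    "/ipa/session/json",
}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url):
    """Return scheme://host[:port] of a URL (lower-cased), or None if unparsable."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_same_origin(headers, server_origin=SERVER_ORIGIN):
    """
    Browser-supplied CSRF signal: prefer the Origin header, fall back to Referer.
    A request carrying neither is refused (fail closed), and so is "Origin: null",
    which browsers send from sandboxed or opaque contexts. No default-port
    normalisation is done; origins must match exactly.
    """
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is not None:
        return origin.lower() == server_origin.lower()
    referer = h.get("referer")
    if referer is None:
        return False
    return _origin_of(referer) == server_origin.lower()


def should_accept(method, path, headers, server_origin=SERVER_ORIGIN):
    """Safe methods and unprotected paths pass; everything else needs same origin."""
    if method.upper() in SAFE_METHODS or path not in PROTECTED_PATHS:
        return True
    return is_same_origin(headers, server_origin)


# Constructed Apache "combined" log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:10:00:01 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 0 "https://ipa.example.test/ipa/ui/" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 0 "https://evil.example/lure.html" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2024:10:00:09 +0000] "POST /ipa/session/login_password HTTP/1.1" 401 0 "-" "curl/8.4.0"
203.0.113.11 - - [10/Jan/2024:10:00:12 +0000] "GET /ipa/ui/ HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def triage_log(text, server_origin=SERVER_ORIGIN):
    """
    Return (ip, path, referer, status) for logged requests the gate would have
    refused. Apache writes "-" for an absent Referer, and the combined format
    has no Origin column, so the gate only ever sees Referer here.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        headers = {} if m["referer"] == "-" else {"Referer": m["referer"]}
        if not should_accept(m["method"], m["path"], headers, server_origin):
            hits.append((m["ip"], m["path"], m["referer"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, path, ref, status in triage_log(SAMPLE_LOG):
        print(f"refused-by-gate ip={ip} path={path} referer={ref!r} status={status}")
```

Two of the four constructed lines are flagged: the POST whose Referer is a foreign site (the CSRF shape the description refers to, and it got a 200) and the POST with no Referer at all. The second case is the operational caveat: a gate that fails closed also refuses non-browser clients that send neither header, so such clients need their own authenticator rather than an exemption that would reopen the cross-site path.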
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Cross-site request forgery (CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat FreeIPA security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat FreeIPA is an integrated security information management solution. A security vulnerability exists in Red Hat FreeIPA. An attacker can exploit it to trick a user into submitting a request that performs actions as that user, resulting in a loss of confidentiality and system integrity.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
The version strings below are the ipa package builds (RHEL 7 and 9) and idm module stream builds (RHEL 8) that Red Hat published as containing the fix; the page shows each as the lower bound of a "version ~ *" range. Treat builds older than the listed one as affected and confirm with rpm -q ipa-server (or dnf module list idm on RHEL 8). Rows with no version listed carry only a platform CPE.

Vendor | Product | Version listed | CPE
Red Hat | Red Hat Enterprise Linux 7 | 0:4.6.8-5.el7_9.16 ~ * | cpe:/o:redhat:enterprise_linux:7::server
Red Hat | Red Hat Enterprise Linux 8 | 8090020231201152514.3387e3d0 ~ * | cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 8020020231123154806.792f4060 ~ * | cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | 8020020231123154806.792f4060 ~ * | cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | 8020020231123154806.792f4060 ~ * | cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020231123154610.5b01ab7e ~ * | cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 8040020231123154610.5b01ab7e ~ * | cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 8040020231123154610.5b01ab7e ~ * | cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 8060020231208020207.ada582f1 ~ * | cpe:/a:redhat:rhel_eus:8.6::appstream
Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020231201153604.b0a6ceea ~ * | cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat | Red Hat Enterprise Linux 9 | 0:4.10.2-5.el9_3 ~ * | cpe:/a:redhat:enterprise_linux:9::crb
Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:4.9.8-9.el9_0 ~ * | cpe:/a:redhat:rhel_eus:9.0::appstream
Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:4.10.1-10.el9_2 ~ * | cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat | Red Hat Enterprise Linux 6 | (none listed) | cpe:/o:redhat:enterprise_linux:6
Red Hat | Red Hat Enterprise Linux 8 | (none listed) | cpe:/o:redhat:enterprise_linux:8
II. Public POCs for CVE-2023-5455
No public POC found.