CVE-2023-5455 - Vulnerability Details

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00304.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Enterprise Linux 7

affected

Version	Status	Constraints
`0:4.6.8-5.el7_9.16`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`8090020231201152514.3387e3d0`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`8020020231123154806.792f4060`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

affected

Version	Status	Constraints
`8020020231123154806.792f4060`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`8020020231123154806.792f4060`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`8040020231123154610.5b01ab7e`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

affected

Version	Status	Constraints
`8040020231123154610.5b01ab7e`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

affected

Version	Status	Constraints
`8040020231123154610.5b01ab7e`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

affected

Version	Status	Constraints
`8060020231208020207.ada582f1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

affected

Version	Status	Constraints
`0:1.18.2-16.el8_6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

affected

Version	Status	Constraints
`8080020231201153604.b0a6ceea`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:4.10.2-5.el9_3`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

affected

Version	Status	Constraints
`0:4.9.8-9.el9_0`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

affected

Version	Status	Constraints
`0:4.10.1-10.el9_2`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 8 unaffected —

Configuration 1 [-]

OR	cpe:2.3:a:freeipa:freeipa::::::::
	cpe:2.3:a:freeipa:freeipa::::::::
	cpe:2.3:a:freeipa:freeipa::::::::
	cpe:2.3:a:freeipa:freeipa:4.11.0:-::::::
	cpe:2.3:a:freeipa:freeipa:4.11.0:beta1::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:9.0::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux_server:9.2::::::arm64:
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_ibm_z_systems:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
ipa-0:4.6.8-5.el7_9.16	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:0145	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8
idm:DL1-8090020231201152514.3387e3d0	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0143	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
idm:DL1-8020020231123154806.792f4060	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:0144	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
idm:DL1-8020020231123154806.792f4060	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:0144	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
idm:DL1-8020020231123154806.792f4060	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:0144	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
idm:DL1-8040020231123154610.5b01ab7e	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:0138	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
idm:DL1-8040020231123154610.5b01ab7e	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:0138	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
idm:DL1-8040020231123154610.5b01ab7e	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:0138	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
idm:DL1-8060020231208020207.ada582f1	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0139	2024-01-10T00:00:00Z
krb5-0:1.18.2-16.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0252	2024-01-15T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
idm:DL1-8080020231201153604.b0a6ceea	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0137	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 9
ipa-0:4.10.2-5.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0141	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
ipa-0:4.9.8-9.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:0140	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
ipa-0:4.10.1-10.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:0142	2024-01-10T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Fedoraproject Subscribe	Fedora Subscribe
Freeipa Subscribe	Freeipa Subscribe
Redhat Subscribe	Codeready Linux Builder Subscribe Enterprise Linux Subscribe Enterprise Linux Desktop Subscribe Enterprise Linux Eus Subscribe Enterprise Linux For Arm 64 Eus Subscribe Enterprise Linux For Ibm Z Systems Subscribe Enterprise Linux For Ibm Z Systems Eus Subscribe Enterprise Linux For Power Big Endian Subscribe Enterprise Linux For Power Little Endian Subscribe Enterprise Linux For Power Little Endian Eus Subscribe Enterprise Linux For Scientific Computing Subscribe Enterprise Linux Server Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server For Ibm Z Systems Subscribe Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Subscribe Enterprise Linux Server Tus Subscribe Enterprise Linux Server Update Services For Sap Solutions Subscribe Enterprise Linux Update Services For Sap Solutions Subscribe Enterprise Linux Workstation Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Eus Subscribe Rhel Tus Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-57769	A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

Fixes

Solution

No solution given by the vendor.

Workaround

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:0137
https://access.redhat.com/errata/RHSA-2024:0138
https://access.redhat.com/errata/RHSA-2024:0139
https://access.redhat.com/errata/RHSA-2024:0140
https://access.redhat.com/errata/RHSA-2024:0141
https://access.redhat.com/errata/RHSA-2024:0142
https://access.redhat.com/errata/RHSA-2024:0143
https://access.redhat.com/errata/RHSA-2024:0144
https://access.redhat.com/errata/RHSA-2024:0145
https://access.redhat.com/errata/RHSA-2024:0252
https://access.redhat.com/security/cve/CVE-2023-5455
https://bugzilla.redhat.com/show_bug.cgi?id=2242828
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/
https://nvd.nist.gov/vuln/detail/CVE-2023-5455
https://www.cve.org/CVERecord?id=CVE-2023-5455
https://www.freeipa.org/release-notes/4-10-3.html
https://www.freeipa.org/release-notes/4-11-1.html
https://www.freeipa.org/release-notes/4-6-10.html
https://www.freeipa.org/release-notes/4-9-14.html

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/

Thu, 14 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
References	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-10T12:33:00.336Z

Updated: 2025-11-20T18:06:12.304Z

Reserved: 2023-10-09T04:39:08.777Z

Link: CVE-2023-5455

Vulnrichment

Updated: 2024-08-02T07:59:44.726Z

NVD

Status : Modified

Published: 2024-01-10T13:15:48.643

Modified: 2024-11-21T08:41:47.993

Link: CVE-2023-5455

Redhat

Severity : Moderate

Publid Date: 2024-01-10T06:30:00Z

Links: CVE-2023-5455 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-352

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object