← back
CVE-2019-14826

CVE-2019-14826

CVSS 5.6 MEDIUMEPSS 0.3%CWE-613
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Sep 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Affected products
Red Hat · ipa

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826