Red Hat FreeIPA
cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*
- < 9.5
A vulnerability exists in the FreeIPA API audit process, where the complete FreeIPA command line is sent to journalctl. This behavior unintentionally exposes administrative user credentials, including passwords, to the journal database during the FreeIPA installation. In scenarios where journal logs are centralized, this could lead to unauthorized access to FreeIPA administrator credentials.
Exploitation of this vulnerability allows for the unauthorized disclosure of FreeIPA administrative credentials, including passwords, which could be misused to gain improper access to administrative functions.
Users can apply the available update for Red Hat Enterprise Linux 9, which addresses this vulnerability. For instructions on how to apply this update, refer to the Red Hat Enterprise Linux 9 Update Guide.
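One way to check exported or centralized journal data for the exposure described above, as an added example that is not part of the original advisory or FreeIPA's own code. It assumes the logged message contains the `ipa-server-install` command line in shell-like form; the sample entries are constructed, and the exact message layout on an affected host may differ.

```python
import json
import os
import shlex

# Secret-bearing options of ipa-server-install (admin / Directory Manager password).
SECRET_OPTS = {"-a", "--admin-password", "-p", "--ds-password"}

def redact_argv(argv):
    """Return (redacted argv, secret option names that carried a value)."""
    out, hits, i = [], [], 0
    while i < len(argv):
        tok = argv[i]
        name, eq, _ = tok.partition("=")
        if eq and name in SECRET_OPTS:                  # --opt=value form
            out.append(name + "=<redacted>")
            hits.append(name)
        elif tok in SECRET_OPTS and i + 1 < len(argv):  # --opt value form
            out += [tok, "<redacted>"]
            hits.append(tok)
            i += 1                                      # skip the secret itself
        else:
            out.append(tok)
        i += 1
    return out, hits

def scan_journal(lines):
    """Scan `journalctl -o json` output (one JSON object per line)."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
            msg = entry.get("MESSAGE") if isinstance(entry, dict) else None
            argv = shlex.split(msg) if isinstance(msg, str) else []
        except ValueError:  # malformed JSON or unbalanced quotes: skip entry
            continue
        # Assumption: the installer name appears in the logged command line.
        if not any(os.path.basename(t) == "ipa-server-install" for t in argv):
            continue
        redacted, hits = redact_argv(argv)
        if hits:
            findings.append({"host": entry.get("_HOSTNAME"), "options": hits,
                             "message": " ".join(redacted)})
    return findings

# Constructed sample entries (not real logs); field names are standard journal fields.
SAMPLE = [
    json.dumps({"_HOSTNAME": "ipa1.example.test", "MESSAGE":
                "/usr/sbin/ipa-server-install -U --admin-password=ConstructedPw1 -p 'Constructed Pw2'"}),
    json.dumps({"_HOSTNAME": "web1.example.test", "MESSAGE": "sshd -p 22 started"}),
]
```

`scan_journal(SAMPLE)` reports only the installer entry, with both password values replaced by `<redacted>` so the findings can be shared without repeating the leak.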