CVE-2019-10195
Description
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.879
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-freeipa 4.6.7 | Windows |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-freeipa 4.7.4 | Windows |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-freeipa 4.8.3 | Windows |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-ipa 4.6.7 | Windows |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-ipa 4.7.4 | Windows |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-ipa 4.8.3 | Windows |
| (RHSA-2020:0378) ipa security and bug fix update ipa-client-4.6.5-11.el7_7.4.x86_64.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-client-common-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-common-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-python-compat-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-server-4.6.5-11.el7_7.4.x86_64.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-server-dns-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update python2-ipaclient-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update python2-ipalib-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| (RHSA-2020:0378) ipa security and bug fix update python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm | Linux |
| Ipa-client update (ELSA-2020-0378) ipa-client-4.6.5-11.0.1.el7_7.4.x86_64.rpm | Linux |
| Ipa-server update (ELSA-2020-0378) ipa-server-4.6.5-11.0.1.el7_7.4.x86_64.rpm | Linux |
| Ipa-server-trust-ad update (ELSA-2020-0378) ipa-server-trust-ad-4.6.5-11.0.1.el7_7.4.x86_64.rpm | Linux |
| Ipa-client-common update (ELSA-2020-0378) ipa-client-common-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Ipa-common update (ELSA-2020-0378) ipa-common-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Ipa-python-compat update (ELSA-2020-0378) ipa-python-compat-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Ipa-server-common update (ELSA-2020-0378) ipa-server-common-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Ipa-server-dns update (ELSA-2020-0378) ipa-server-dns-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Python2-ipaclient update (ELSA-2020-0378) python2-ipaclient-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Python2-ipalib update (ELSA-2020-0378) python2-ipalib-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Python2-ipaserver update (ELSA-2020-0378) python2-ipaserver-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux |
| Bind-dyndb-ldap update (ELSA-2024-3044) bind-dyndb-ldap-11.6-4.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Custodia update (ELSA-2024-3044) custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux |
| Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux |
| Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux |
| Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-healthcheck update (ELSA-2024-3044) ipa-healthcheck-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-server update (ELSA-2024-3044) ipa-server-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-server-common update (ELSA-2024-3044) ipa-server-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-server-dns update (ELSA-2024-3044) ipa-server-dns-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-server-trust-ad update (ELSA-2024-3044) ipa-server-trust-ad-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Opendnssec update (ELSA-2024-3044) opendnssec-2.1.7-1.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Python3-custodia update (ELSA-2024-3044) python3-custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Python3-ipaserver update (ELSA-2024-3044) python3-ipaserver-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-ipatests update (ELSA-2024-3044) python3-ipatests-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-kdcproxy update (ELSA-2024-3044) python3-kdcproxy-0.4-5.module+el8.9.0+90122+3305dc1d.noarch.rpm | Linux |
| Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Slapi-nis update (ELSA-2024-3044) slapi-nis-0.60.0-4.module+el8.10.0+90297+bfe93ccc.x86_64.rpm | Linux |
| Softhsm update (ELSA-2024-3044) softhsm-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Softhsm-devel update (ELSA-2024-3044) softhsm-devel-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-freeipa for linux 4.6.7 | Linux |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-freeipa for linux 4.7.4 | Linux |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-freeipa for linux 4.8.3 | Linux |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-ipa for linux 4.6.7 | Linux |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-ipa for linux 4.7.4 | Linux |
| Vulnerabilities CVE-2019-10195,CVE-2019-14867 are fixed in Python-ipa for linux 4.8.3 | Linux |
Patch Details
No records found