Back to bug 1395311
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-11-15 16:23:34 UTC | CC | security-response-team | |
| Adam Mariš | 2016-11-15 16:26:53 UTC | Blocks | 1395316 | |
| Adam Mariš | 2016-11-15 16:29:43 UTC | CC | ftweedal | |
| Adam Mariš | 2016-11-23 14:24:40 UTC | Whiteboard | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L,cwe=CWE-863,rhel-6/ipa=new,rhel-7/ipa=affected,fedora-all/ipa=affected | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L,cwe=CWE-863,rhel-6/ipa=new,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-07 10:38:11 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-12-07 10:39:12 UTC | Alias | CVE-2016-9575 | |
| Cedric Buissart | 2016-12-07 10:39:16 UTC | Summary | EMBARGOED ipa: Insufficient permission check in certprofile-mod | EMBARGOED CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod |
| Cedric Buissart | 2016-12-07 15:00:59 UTC | Whiteboard | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L,cwe=CWE-863,rhel-6/ipa=new,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-07 16:31:37 UTC | Doc Text | | It was found that ipa's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged, attacker could use this flaw to modify profiles for Denial of Service and Man in the Middle attacks, or privilege escalations. |
| Dhiru Kholia | 2016-12-08 11:59:47 UTC | Depends On | 1402810 | |
| Dhiru Kholia | 2016-12-08 12:00:02 UTC | Depends On | 1402811 | |
| Cedric Buissart | 2016-12-08 12:38:00 UTC | Doc Text | It was found that ipa's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged, attacker could use this flaw to modify profiles for Denial of Service and Man in the Middle attacks, or privilege escalations. | It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged, attacker could use this flaw to modify profiles for Denial of Service and Man in the Middle attacks, or privilege escalations. |
| Cedric Buissart | 2016-12-08 13:38:47 UTC | Whiteboard | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=5.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-08 13:55:43 UTC | Whiteboard | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=5.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-08 13:57:15 UTC | Whiteboard | impact=moderate,public=no,reported=20161115,source=customer,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=no,reported=20161115,source=customer,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-12 08:46:55 UTC | CC | jcholast | |
| Cedric Buissart | 2016-12-12 11:05:05 UTC | Whiteboard | impact=moderate,public=no,reported=20161115,source=customer,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=20161214,reported=20161115,source=customer,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-14 13:39:01 UTC | Summary | EMBARGOED CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod | CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod |
| Cedric Buissart | 2016-12-14 13:39:04 UTC | Group | security, qe_staff | |
| Cedric Buissart | 2016-12-14 13:39:17 UTC | Depends On | 1404718 | |
| Tomas Hoger | 2016-12-21 12:34:04 UTC | Doc Text | It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged, attacker could use this flaw to modify profiles for Denial of Service and Man in the Middle attacks, or privilege escalations. | It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. |
| Cedric Buissart | 2017-01-02 11:49:09 UTC | Status | NEW | CLOSED |
| Cedric Buissart | 2017-01-02 11:49:09 UTC | Resolution | --- | ERRATA |
| Cedric Buissart | 2017-01-02 11:49:09 UTC | Last Closed | | 2017-01-02 06:49:09 UTC |
| Laura Pardo | 2018-03-12 22:23:41 UTC | Fixed In Version | | ipa 4.4.0-14 |
| Laura Pardo | 2018-03-13 19:44:12 UTC | Fixed In Version | ipa 4.4.0-14 | ipa 4.3.3, ipa 4.4.3 |
| Product Security DevOps Team | 2019-09-29 14:00:54 UTC | Whiteboard | impact=moderate,public=20161214,reported=20161115,source=customer,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-863,rhel-6/ipa=notaffected,rhel-7/ipa=affected,fedora-all/freeipa=affected | |