An XSS flaw was reported in FreeIPA 4.x that could allow an administrator with lower privileges (such as sudo rights) to escalate their privileges to full administrator. Earlier versions of FreeIPA/IPA do not suffer from this flaw.

Statement: This issue did not affect the versions of IPA as shipped with Red Hat Enterprise Linux 6 or 7 as they do not include the vulnerable Web UI code.
The upstream ticket for this report: https://fedorahosted.org/freeipa/ticket/4742
Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 1165856]