2325557 – (CVE-2024-11029) CVE-2024-11029 freeipa: Administrative user data leaked through systemd journal

Bug 2325557 (CVE-2024-11029) - CVE-2024-11029 freeipa: Administrative user data leaked through systemd journal

Summary: CVE-2024-11029 freeipa: Administrative user data leaked through systemd journal

Keywords:
Status:	NEW
Alias:	CVE-2024-11029
Deadline:	2025-01-15
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-12 16:20 UTC by OSIDB Bzimport
Modified:	2025-04-11 08:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:0334	0	None	None	None	2025-01-15 13:53:03 UTC

Description OSIDB Bzimport 2024-11-12 16:20:01 UTC

The FreeIPA API audit sends the whole FreeIPA ccommand line to journalctl, as consequence during the FreeIPA installation process inadvertently ends up leaking the administrative user credentials (including the administrator password) to the journal database. On worst case scenario where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.

Comment 5 errata-xmlrpc 2025-01-15 13:53:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:0334 https://access.redhat.com/errata/RHSA-2025:0334

Note You need to log in before you can comment on or make changes to this bug.