CVE-2023-5455

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0137 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0138 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0139 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0140 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0141 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0142 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0143 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0144 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0145 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0252 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5455 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242828 Issue Tracking Third Party Advisory
https://www.freeipa.org/release-notes/4-10-3.html Release Notes
https://www.freeipa.org/release-notes/4-11-1.html Release Notes
https://www.freeipa.org/release-notes/4-6-10.html Release Notes
https://www.freeipa.org/release-notes/4-9-14.html Release Notes
https://access.redhat.com/errata/RHSA-2024:0137 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0138 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0139 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0140 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0141 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0142 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0143 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0144 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0145 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0252 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5455 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242828 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/
https://www.freeipa.org/release-notes/4-10-3.html Release Notes
https://www.freeipa.org/release-notes/4-11-1.html Release Notes
https://www.freeipa.org/release-notes/4-6-10.html Release Notes
https://www.freeipa.org/release-notes/4-9-14.html Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.11.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.11.0:beta1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:9.0:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_server:9.2:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_ibm_z_systems:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:41

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ -
References () https://access.redhat.com/errata/RHSA-2024:0137 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0137 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0138 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0138 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0139 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0139 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0140 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0140 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0141 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0141 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0142 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0142 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0143 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0143 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0144 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0144 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0145 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0145 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0252 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0252 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-5455 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-5455 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2242828 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2242828 - Issue Tracking, Third Party Advisory
References () https://www.freeipa.org/release-notes/4-10-3.html - Release Notes () https://www.freeipa.org/release-notes/4-10-3.html - Release Notes
References () https://www.freeipa.org/release-notes/4-11-1.html - Release Notes () https://www.freeipa.org/release-notes/4-11-1.html - Release Notes
References () https://www.freeipa.org/release-notes/4-6-10.html - Release Notes () https://www.freeipa.org/release-notes/4-6-10.html - Release Notes
References () https://www.freeipa.org/release-notes/4-9-14.html - Release Notes () https://www.freeipa.org/release-notes/4-9-14.html - Release Notes

16 Sep 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}

20 Feb 2024, 19:05

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : 6.5
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ - Mailing List

26 Jan 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/ -

17 Jan 2024, 01:41

Type Values Removed Values Added
First Time Freeipa freeipa
Redhat
Redhat enterprise Linux
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat codeready Linux Builder
Freeipa
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Ibm Z Systems
Redhat enterprise Linux Server Update Services For Sap Solutions
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux Desktop
Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux Update Services For Sap Solutions
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux For Power Big Endian
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux Server
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Workstation
Redhat enterprise Linux For Scientific Computing
References () https://access.redhat.com/security/cve/CVE-2023-5455 - () https://access.redhat.com/security/cve/CVE-2023-5455 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0141 - () https://access.redhat.com/errata/RHSA-2024:0141 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0138 - () https://access.redhat.com/errata/RHSA-2024:0138 - Third Party Advisory
References () https://www.freeipa.org/release-notes/4-10-3.html - () https://www.freeipa.org/release-notes/4-10-3.html - Release Notes
References () https://access.redhat.com/errata/RHSA-2024:0144 - () https://access.redhat.com/errata/RHSA-2024:0144 - Third Party Advisory
References () https://www.freeipa.org/release-notes/4-11-1.html - () https://www.freeipa.org/release-notes/4-11-1.html - Release Notes
References () https://access.redhat.com/errata/RHSA-2024:0145 - () https://access.redhat.com/errata/RHSA-2024:0145 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0252 - () https://access.redhat.com/errata/RHSA-2024:0252 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0143 - () https://access.redhat.com/errata/RHSA-2024:0143 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2242828 - () https://bugzilla.redhat.com/show_bug.cgi?id=2242828 - Issue Tracking, Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0140 - () https://access.redhat.com/errata/RHSA-2024:0140 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0142 - () https://access.redhat.com/errata/RHSA-2024:0142 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0139 - () https://access.redhat.com/errata/RHSA-2024:0139 - Third Party Advisory
References () https://www.freeipa.org/release-notes/4-6-10.html - () https://www.freeipa.org/release-notes/4-6-10.html - Release Notes
References () https://www.freeipa.org/release-notes/4-9-14.html - () https://www.freeipa.org/release-notes/4-9-14.html - Release Notes
References () https://access.redhat.com/errata/RHSA-2024:0137 - () https://access.redhat.com/errata/RHSA-2024:0137 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
CPE cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:9.2:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_ibm_z_systems:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.11.0:beta1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.11.0:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:9.0:*:*:*:*:*:arm64:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
CWE CWE-352

15 Jan 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0252 -

10 Jan 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0141 -
  • () https://access.redhat.com/errata/RHSA-2024:0138 -
  • () https://access.redhat.com/errata/RHSA-2024:0145 -
  • () https://access.redhat.com/errata/RHSA-2024:0144 -
  • () https://access.redhat.com/errata/RHSA-2024:0143 -
  • () https://access.redhat.com/errata/RHSA-2024:0140 -
  • () https://access.redhat.com/errata/RHSA-2024:0142 -
  • () https://access.redhat.com/errata/RHSA-2024:0139 -
  • () https://access.redhat.com/errata/RHSA-2024:0137 -

10 Jan 2024, 13:56

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-10 13:15

Updated : 2024-11-21 08:41

NVD link : CVE-2023-5455

Mitre link : CVE-2023-5455

CVE.ORG link : CVE-2023-5455

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_tus
  • enterprise_linux
  • enterprise_linux_for_power_big_endian
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_scientific_computing
  • enterprise_linux_server_aus
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_desktop
  • enterprise_linux_update_services_for_sap_solutions
  • enterprise_linux_eus
  • codeready_linux_builder
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_server_for_ibm_z_systems
  • enterprise_linux_workstation
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_server
  • enterprise_linux_for_arm_64_eus

fedoraproject

  • fedora

freeipa

  • freeipa
CWE
CWE-352

Cross-Site Request Forgery (CSRF)