CVE-2019-14826

LOW

Description

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826

Details

Source: MITRE

Published: 2019-09-17

Updated: 2019-09-20

Type: CWE-613

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW