Home > Vulnerability Database > CVE-2019-10195

Mend.io Vulnerability Database

CVE-2019-10195

Good to know:

Date: November 27, 2019

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.

Language: Python

Severity Score

6.5

Related Resources (19)

Url: https://github.com/hatchetation/freeipa

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/

Url: https://www.freeipa.org/page/Releases/4.7.4

Url: https://www.freeipa.org/page/Releases/4.8.3

Url: https://access.redhat.com/security/cve/CVE-2019-10195

Url: https://access.redhat.com/errata/RHSA-2020:0378

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10195

Url: https://www.freeipa.org/page/Releases/4.6.7

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10195

Url: https://pagure.io/freeipa/c/5913826a4654a115cd5ff2dbf4a2b3ad38a93081

Url: https://github.com/pypa/advisory-database/tree/main/vulns/ipa/PYSEC-2019-168.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T

Url: https://access.redhat.com/errata/RHBA-2019:4268

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF

Url: https://github.com/pypa/advisory-database/tree/main/vulns/freeipa/PYSEC-2019-22.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2019-10195

Severity Score

6.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version release-4-6-7,release-4-7-4,release-4-8-3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10195

Good to know:

Date: November 27, 2019

Language: Python

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?