CVE-2024-11029

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.

Related Vulnerabilities

CVE-2021-1235

MEDIUM
CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficien...

CWE-4972021

CVE-2021-1544

MEDIUM
CVSS:5.5(Medium)

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe ...

CWE-4972021

CVE-2021-23135

MEDIUM
CVSS:5.5(Medium)

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD...

CWE-4972021

CVE-2022-28651

MEDIUM
CVSS:5.5(Medium)

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

CWE-4972022

CVE-2022-34458

MEDIUM
CVSS:5.5(Medium)

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation ...

CWE-4972022