CVE-2016-9575

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9575
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9575.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9575
Downstream
Published
2018-03-13T13:29:00Z
Modified
2025-09-19T08:39:36.595856Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.

References

Affected packages

Git / github.com/freeipa/freeipa

Affected versions

Other

alpha-1-9-0
alpha_1-4-2-0
alpha_2-1-9-0
alpha_3-1-9-0
alpha_4-1-9-0
alpha_5-1-9-0
alpha_5-1-9-0-1
beta_1-2-0-0
beta_1-3-0-0
beta_1-3-2-0
beta_1-3-3-0
beta_2-3-0-0
beta_2-3-3-0
milestone_2
milestone_3
milestone_4
milestone_4_1
milestone_6
rc_1-2-0-0
rc_2-2-0-0
rc_3-2-0-0
release-1-0-0
release-1-1-0
release-2-0-0
release-2-1-0
release-3-1-0
release-3-2-0
release-3-2-0-pre1
release-3-3-0
release-4-0-0
release-4-2-0
release-4-2-1
release-4-2-2