CVE-2017-11191
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-11191
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11191.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-11191
- Published
- 2017-09-28T01:29:01Z
- Modified
- 2025-07-03T02:10:30.380254Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern
- References
Affected packages
Git / github.com/freeipa/freeipa
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freeipa/freeipa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
Other
alpha-1-9-0
alpha_1-4-1-0
alpha_1-4-2-0
alpha_1-4-4-0
alpha_2-1-9-0
alpha_3-1-9-0
alpha_4-1-9-0
alpha_5-1-9-0
alpha_5-1-9-0-1
beta_1-2-0-0
beta_1-3-0-0
beta_1-3-2-0
beta_1-3-3-0
beta_2-3-0-0
beta_2-3-3-0
milestone_2
milestone_3
milestone_4
milestone_4_1
milestone_6
rc_1-2-0-0
rc_2-2-0-0
rc_3-2-0-0
release-1-0-0
release-1-1-0
release-2-0-0
release-2-1-0
release-3-1-0
release-3-2-0
release-3-2-0-pre1
release-3-3-0
release-4-0-0
release-4-1-0
release-4-1-1
release-4-2-0
release-4-2-1
release-4-2-2
release-4-4-0
release-4-4-1
release-4-4-2
release-4-4-3
release-4-6-0
release-4-6-1