UBUNTU-CVE-2017-12169

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-12169

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-12169.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-12169

Upstream

CVE-2017-12169

Published

2018-01-10T15:29:00Z

Modified

2025-07-14T07:44:31.456764Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - low

Summary

[none]

Details

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@3.3.4-0ubuntu3.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.1-0ubuntu1

3.3.4-0ubuntu1

3.3.4-0ubuntu2

3.3.4-0ubuntu3

3.3.4-0ubuntu3.1

3.3.4-0ubuntu3.1+esm1

Ubuntu:Pro:16.04:LTS / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@4.3.1-0ubuntu1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.4-1

4.3.1-0ubuntu1

4.3.1-0ubuntu1+esm1

Ubuntu:Pro:18.04:LTS / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@4.7.0~pre1+git20180411-2ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4-3ubuntu1

4.4.4-4

4.7.0~pre1+git20180411-2ubuntu1

4.7.0~pre1+git20180411-2ubuntu2

Ubuntu:Pro:20.04:LTS / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@4.8.6-1ubuntu2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8.1-2ubuntu1

4.8.3-1

4.8.6-1ubuntu2

Ubuntu:22.04:LTS / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@4.9.8-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8.6-1ubuntu6

4.8.6-1ubuntu8

4.8.6-1ubuntu9

4.9.8-1

Ubuntu:24.04:LTS / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@4.11.1-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.10.2-1

4.10.2-2

4.10.2-2ubuntu3

4.11.1-1

4.11.1-2

Ubuntu:25.04 / freeipa

Package

Name: freeipa
Purl: pkg:deb/ubuntu/freeipa@4.12.2-3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1-2.1

4.12.2-1

4.12.2-2

4.12.2-3