A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
                
            References
                    Configurations
                    No configuration.
History
                    15 Jan 2025, 14:15
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
 | |
| Summary | 
 | 
15 Jan 2025, 13:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-01-15 13:15
Updated : 2025-01-15 14:15
NVD link : CVE-2024-11029
Mitre link : CVE-2024-11029
CVE.ORG link : CVE-2024-11029
JSON object : View
Products Affected
                No product.
CWE
                
                    
                        
                        CWE-497
                        
            Exposure of Sensitive System Information to an Unauthorized Control Sphere
