Improper Authorization in FreeIPA - CVE-2024-2698

Published: June 19, 2024


Vulnerability identifier: #VU92247
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-2698
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FreeIPA
Software vendor:
freeipa.org

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists because the initial MS-SFU implementation in MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets, and FreeIPA's ipadb_match_acl() did not check for that condition. As a result, S4U2Proxy requests are accepted regardless of whether a matching service delegation rule exists, so a service principal can obtain service tickets on a user's behalf without a delegation rule that permits it.

Note that this vulnerability does not affect default FreeIPA deployments, because the only services with delegation rules defined are those on the IPA servers themselves (the rules in a deployment can be listed with `ipa servicedelegationrule-find --all`). Services that use RBCD (resource-based constrained delegation) rules are not affected either.
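As an added illustration of the decision the advisory describes (example code, not FreeIPA's ipa-kdb implementation; the realm, rule and principal names are constructed), the following Python models the constrained-delegation check at both S4U2Self and S4U2Proxy time, with a `flawed` switch that reproduces the outcome described above: S4U2Proxy honoured without a matching service delegation rule.

```python
"""Model of the constrained-delegation decision a KDC backend makes for
S4U2Self and S4U2Proxy, built to illustrate CVE-2024-2698.

Added example: this is not FreeIPA's ipa-kdb code, and the rule, realm and
principal names below are constructed for the illustration.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class DelegationRule:
    """Shape of a FreeIPA servicedelegationrule: 'members' are the service
    principals allowed to act as the proxy in S4U2Proxy, 'targets' are the
    principals (collected from servicedelegationtarget objects) they may
    obtain tickets for on a user's behalf."""
    name: str
    members: frozenset
    targets: frozenset


@dataclass(frozen=True)
class S4U2SelfTicket:
    """Ticket a service obtains for 'user' to itself.  Per MS-SFU, only a
    forwardable S4U2Self ticket is acceptable as evidence in S4U2Proxy."""
    user: str
    service: str
    forwardable: bool


def match_acl(rules, proxy, target=None):
    """Delegation ACL check (correct behaviour).

    With a target: allow only if some rule lists 'proxy' as a member and
    'target' among its targets.
    With target=None (asked at S4U2Self time): report whether 'proxy' may
    delegate to anything at all; this is what decides the forwardable flag.
    """
    return any(
        proxy in rule.members and (target is None or target in rule.targets)
        for rule in rules
    )


def s4u2self(rules, proxy, user, flawed=False):
    """S4U2Self: mint a ticket for 'user' to 'proxy'.  The forwardable flag
    must depend on the delegation ACL; the flawed path, modelling the
    missing condition the advisory describes, grants it unconditionally."""
    forwardable = True if flawed else match_acl(rules, proxy)
    return S4U2SelfTicket(user=user, service=proxy, forwardable=forwardable)


def s4u2proxy(rules, evidence, proxy, target, flawed=False):
    """S4U2Proxy: 'proxy' presents its S4U2Self ticket as evidence and asks
    for a ticket to 'target' as the user.  Returns the impersonated user
    when the request is honoured, None when it is refused.  The flawed
    path accepts any forwardable evidence without a matching rule, which
    is the outcome the advisory describes."""
    if evidence.service != proxy or not evidence.forwardable:
        return None
    if not flawed and not match_acl(rules, proxy, target):
        return None
    return evidence.user


def impersonation_reach(rules, proxy, user, services, flawed=False):
    """Which of 'services' a (possibly compromised) 'proxy' can obtain a
    ticket for as 'user': the practical blast radius of the flaw."""
    evidence = s4u2self(rules, proxy, user, flawed=flawed)
    return sorted(
        svc for svc in services
        if s4u2proxy(rules, evidence, proxy, svc, flawed=flawed) is not None
    )


# Constructed sample deployment: one rule shaped like the HTTP-to-LDAP
# delegation on an IPA server, plus an unrelated web service with no rule.
REALM = "EXAMPLE.TEST"
IPA_HTTP = f"HTTP/ipa.example.test@{REALM}"
IPA_LDAP = f"ldap/ipa.example.test@{REALM}"
WEB_HTTP = f"HTTP/web1.example.test@{REALM}"
FILES_CIFS = f"cifs/files.example.test@{REALM}"
RULES = (
    DelegationRule("ipa-http-delegation",
                   members=frozenset({IPA_HTTP}),
                   targets=frozenset({IPA_LDAP})),
)
SERVICES = (IPA_LDAP, FILES_CIFS, IPA_HTTP)


if __name__ == "__main__":
    user = f"alice@{REALM}"
    for label, flawed in (("fixed", False), ("flawed", True)):
        for proxy in (IPA_HTTP, WEB_HTTP):
            reach = impersonation_reach(RULES, proxy, user, SERVICES, flawed)
            print(f"{label:6} {proxy} -> {reach}")
```

With the correct check, the IPA HTTP service can only reach the LDAP target named in its rule and the unrelated web service reaches nothing, because its S4U2Self ticket is never forwardable; on the flawed path every service can obtain tickets for every listed target as the user, which is the impersonation the advisory warns about.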


Remediation

Install updates from the vendor's website.
