CVE-2016-5404

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
07/09/2016
Last modified:
12/04/2025

Description

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:freeipa:freeipa:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools