CVE-2014-7850

CVE-2014-7828

Summary

This vulnerability allows escalation of privileges by utilizing XSS vulnerability. Could be misused only by FreeIPA users.

Affected Versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1

Impact

Moderate

Fixed in Versions

4.1.2

Manual Instructions

Block Web UI or disallow untrusted users to create new LDAP objects.

More Information

For more information see

• https://fedorahosted.org/freeipa/ticket/4742

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7850