The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-09-07T20:00:00

Updated: 2024-08-06T01:01:00.162Z

Reserved: 2016-06-10T00:00:00

Link: CVE-2016-5404

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-09-07T20:59:01.623

Modified: 2024-11-21T02:54:15.020

Link: CVE-2016-5404

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-08-17T00:00:00Z

Links: CVE-2016-5404 - Bugzilla