FreeIPA fixed XXE (CVE-2022-2414) found by our researcher @elk | PT SWARM
FreeIPA fixed XXE (CVE-2022-2414) found by our researcher @elk0kc.
In some cases, it allows attackers to read the Directory Manager password from FreeIPA's configs and take full control of the infrastructure. Exploitation may or may not require authentication.
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...