Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-scdj-h63h-jyap

Summary A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.

Aliases

alias	CVE-2019-10195

alias	GHSA-w4q7-f34x-vpgc

alias	PYSEC-2019-168

alias	PYSEC-2019-22

Fixed_packages

url	pkg:deb/debian/freeipa@4.12.4-1?distro=trixie
purl	pkg:deb/debian/freeipa@4.12.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeipa@4.12.4-1%3Fdistro=trixie

url	pkg:deb/debian/freeipa@4.13.1-1?distro=trixie
purl	pkg:deb/debian/freeipa@4.13.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeipa@4.13.1-1%3Fdistro=trixie

url	pkg:deb/debian/freeipa@4.8.3-1?distro=trixie
purl	pkg:deb/debian/freeipa@4.8.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeipa@4.8.3-1%3Fdistro=trixie

url pkg:deb/debian/freeipa@4.9.11-1?distro=trixie

purl pkg:deb/debian/freeipa@4.9.11-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3f89-mcrr-c7a8

vulnerability	VCID-na74-a1eh-2qbz

vulnerability	VCID-rer2-p2um-67dj

vulnerability	VCID-t2jp-1sef-gud7

vulnerability	VCID-tyhn-ua1b-zqe4

vulnerability	VCID-zth8-6eje-83dz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeipa@4.9.11-1%3Fdistro=trixie

url	pkg:pypi/freeipa@4.6.7
purl	pkg:pypi/freeipa@4.6.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.6.7

url	pkg:pypi/freeipa@4.7.4
purl	pkg:pypi/freeipa@4.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.7.4

url	pkg:pypi/freeipa@4.8.3
purl	pkg:pypi/freeipa@4.8.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.8.3

url	pkg:pypi/ipa@4.6.7
purl	pkg:pypi/ipa@4.6.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.6.7

url	pkg:pypi/ipa@4.7.4
purl	pkg:pypi/ipa@4.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.7.4

url	pkg:pypi/ipa@4.8.3
purl	pkg:pypi/ipa@4.8.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.8.3

Affected_packages

url pkg:pypi/freeipa@4.6.1

purl pkg:pypi/freeipa@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.6.1

url pkg:pypi/freeipa@4.6.2

purl pkg:pypi/freeipa@4.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.6.2

url pkg:pypi/freeipa@4.6.3

purl pkg:pypi/freeipa@4.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.6.3

url pkg:pypi/freeipa@4.6.4

purl pkg:pypi/freeipa@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.6.4

url pkg:pypi/freeipa@4.6.5

purl pkg:pypi/freeipa@4.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.6.5

url pkg:pypi/freeipa@4.7.0

purl pkg:pypi/freeipa@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.7.0

url pkg:pypi/freeipa@4.7.1

purl pkg:pypi/freeipa@4.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.7.1

url pkg:pypi/freeipa@4.7.2

purl pkg:pypi/freeipa@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.7.2

url pkg:pypi/freeipa@4.8.0

purl pkg:pypi/freeipa@4.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.8.0

url pkg:pypi/freeipa@4.8.1

purl pkg:pypi/freeipa@4.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.8.1

url pkg:pypi/freeipa@4.8.2

purl pkg:pypi/freeipa@4.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-scdj-h63h-jyap

vulnerability	VCID-skej-btxh-mkg4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/freeipa@4.8.2

url pkg:pypi/ipa@4.6.2

purl pkg:pypi/ipa@4.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.6.2

url pkg:pypi/ipa@4.6.3

purl pkg:pypi/ipa@4.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.6.3

url pkg:pypi/ipa@4.6.4

purl pkg:pypi/ipa@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.6.4

url pkg:pypi/ipa@4.6.5

purl pkg:pypi/ipa@4.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.6.5

url pkg:pypi/ipa@4.7.0

purl pkg:pypi/ipa@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.7.0

url pkg:pypi/ipa@4.7.1

purl pkg:pypi/ipa@4.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.7.1

url pkg:pypi/ipa@4.7.2

purl pkg:pypi/ipa@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.7.2

url pkg:pypi/ipa@4.8.0

purl pkg:pypi/ipa@4.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.8.0

url pkg:pypi/ipa@4.8.1

purl pkg:pypi/ipa@4.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.8.1

url pkg:pypi/ipa@4.8.2

purl pkg:pypi/ipa@4.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-prhp-jxk5-vuag

vulnerability	VCID-pun7-ervx-bkd8

vulnerability	VCID-scdj-h63h-jyap

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipa@4.8.2

References

reference_url

https://access.redhat.com/errata/RHBA-2019:4268

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2019:4268

reference_url

https://access.redhat.com/errata/RHSA-2020:0378

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0378

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10195

reference_id

reference_type

scores

value	0.00649
scoring_system	epss
scoring_elements	0.71135
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10195

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10195

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10195

reference_url

https://github.com/hatchetation/freeipa

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hatchetation/freeipa

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/freeipa/PYSEC-2019-22.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/freeipa/PYSEC-2019-22.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/ipa/PYSEC-2019-168.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/ipa/PYSEC-2019-168.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10195

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10195

reference_url

https://pagure.io/freeipa/c/5913826a4654a115cd5ff2dbf4a2b3ad38a93081

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pagure.io/freeipa/c/5913826a4654a115cd5ff2dbf4a2b3ad38a93081

reference_url

https://www.freeipa.org/page/Releases/4.6.7

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.freeipa.org/page/Releases/4.6.7

reference_url

https://www.freeipa.org/page/Releases/4.7.4

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.freeipa.org/page/Releases/4.7.4

reference_url

https://www.freeipa.org/page/Releases/4.8.3

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.freeipa.org/page/Releases/4.8.3

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scdj-h63h-jyap

Vulnerability Instance