Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/ipa@4.6.7
purl pkg:pypi/ipa@4.6.7
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-prhp-jxk5-vuag A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. CVE-2019-14867
GHSA-7hpj-hfcr-5qwm
PYSEC-2019-28
VCID-pun7-ervx-bkd8 A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. PYSEC-2019-98
VCID-scdj-h63h-jyap A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. CVE-2019-10195
GHSA-w4q7-f34x-vpgc
PYSEC-2019-168
PYSEC-2019-22

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T11:27:45.888727+00:00 GithubOSV Importer Fixing VCID-scdj-h63h-jyap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w4q7-f34x-vpgc/GHSA-w4q7-f34x-vpgc.json 38.6.0
2026-05-31T11:12:14.467349+00:00 GithubOSV Importer Fixing VCID-prhp-jxk5-vuag https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-7hpj-hfcr-5qwm/GHSA-7hpj-hfcr-5qwm.json 38.6.0
2026-05-31T09:37:46.360264+00:00 PyPI Importer Fixing VCID-pun7-ervx-bkd8 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:46.280273+00:00 PyPI Importer Fixing VCID-prhp-jxk5-vuag https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:46.120789+00:00 PyPI Importer Fixing VCID-scdj-h63h-jyap https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T00:54:04.518542+00:00 GHSA Importer Fixing VCID-prhp-jxk5-vuag https://github.com/advisories/GHSA-7hpj-hfcr-5qwm 38.6.0
2026-05-30T20:56:22.571532+00:00 GitLab Importer Fixing VCID-prhp-jxk5-vuag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ipa/CVE-2019-14867.yml 38.6.0
2026-05-30T20:18:38.325419+00:00 Pypa Importer Fixing VCID-prhp-jxk5-vuag https://github.com/pypa/advisory-database/blob/main/vulns/ipa/PYSEC-2019-28.yaml 38.6.0
2026-05-30T20:18:38.174887+00:00 Pypa Importer Fixing VCID-scdj-h63h-jyap https://github.com/pypa/advisory-database/blob/main/vulns/ipa/PYSEC-2019-168.yaml 38.6.0