In FreeIPA, alpha-1-9-0 to rc_1-2-1-90 there is a public exposure of DNS records to anyone who has access to the LDAP server (System Network Configuration Discovery which later can serve an attacker for lateral movement). Upstream patch:
Thank you for the report. This looks like a potential vulnerability.
Source link
You must be logged in to post a comment.