In FreeIPA, alpha-1-9-0 to rc_1-2-1-90 there is a public exposure of DNS records to anyone who has access to the LDAP server (System Network Configuration Discovery which later can serve an attacker for lateral movement). Upstream patch:

Thank you for the report. This looks like a potential vulnerability.



Source link

Write a comment:
*

Your email address will not be published.