products / freeipa

FreeIPA

FreeIPA integrates LDAP, Kerberos, DNS, and certificate management for Linux enterprise identity. Attestd ingests cpe:2.3:a:freeipa:freeipa. Eligibility (sentinel rate and non-sentinel count) should be confirmed with scripts/test_nvd.py before production cutover.

api usage

Querying FreeIPA

product slugfreeipa

version format4.9.8, 4.12.0, semver

bash

curl "https://api.attestd.io/v1/check?product=freeipa&version=4.9.8" \
  -H "Authorization: Bearer $ATTESTD_KEY"

json

{
  "product": "freeipa",
  "version": "4.9.8",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "authentication_bypass",
    "patch_available",
    "internet_exposed_service"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "4.10.1",
  "confidence": 0.75,
  "cve_ids": ["CVE-2024-2698"],
  "last_updated": "2026-05-13T18:00:00Z",
  "supply_chain": null
}

safe version

bash

curl "https://api.attestd.io/v1/check?product=freeipa&version=4.12.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	CVSS
`CVE-2024-2698`	LDAP bind authentication bypass class issue in FreeIPA (illustrative reference from coverage plan).	8.4

All products MIT Kerberos OpenLDAP Response Field Reference