CVE-2024-2698

Name: CVE-2024-2698
Creator: NVD / NIST
Published: 2024-06-12T08:15:50.25+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.67%

Last modified Jun 17, 2026

CVE-2024-2698 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.67%

47.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Freeipa	Freeipa	>= 4.11.0, < 4.11.2
Freeipa	Freeipa	4.12.0

References

https://access.redhat.com/errata/RHSA-2024:3754Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3755Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3757Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3759Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-2698Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2270353Issue Tracking, Mitigation, Vendor Advisory
https://www.freeipa.org/release-notes/4-12-1.htmlRelease Notes
https://access.redhat.com/errata/RHSA-2024:3754Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3755Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3757Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3759Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-2698Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2270353Issue Tracking, Mitigation, Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/
https://www.freeipa.org/release-notes/4-12-1.htmlRelease Notes

Timeline

Published: Jun 12, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-2698?

How severe is CVE-2024-2698?

CVE-2024-2698 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.

How do I fix CVE-2024-2698?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-2698?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST