The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials. (CVE-2024-11029) Note that Nessus relies on the presence of the package as reported by the vendor. File data…Read More