Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20179

Опубликовано: 15 мар. 2021
Источник: nvd
CVSS3: 8.1
CVSS2: 5.5
EPSS Низкий

Описание

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*
Версия до 10.5.0 (исключая)
cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*
Версия от 10.5.1 (включая) до 10.8.0 (исключая)
cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*
Версия от 10.8.1 (включая) до 10.9.0 (исключая)
cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*
Версия от 10.9.1 (включая) до 10.10.0 (исключая)
cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*
Версия от 10.10.1 (включая) до 10.11.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 60%
0.00399
Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863
CWE-863

Связанные уязвимости

ubuntu логотип

CVE-2021-20179

CVSS3: 8.1
ubuntu
больше 4 лет назад

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

redhat логотип

CVE-2021-20179

CVSS3: 8.1
redhat
больше 4 лет назад

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

debian логотип

CVE-2021-20179

CVSS3: 8.1
debian
больше 4 лет назад

A flaw was found in pki-core. An attacker who has successfully comprom ...

github логотип

GHSA-q87w-gh3f-77p7

CVSS3: 8.1
github
около 3 лет назад

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

oracle-oval логотип

ELSA-2021-0966

oracle-oval
около 4 лет назад

ELSA-2021-0966: pki-core:10.6 security update (IMPORTANT)

EPSS

Процентиль: 60%
0.00399
Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863
CWE-863