Description
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
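The wildcard problem described above and its standard mitigation (RFC 4515 value escaping), as an added example that is not code from dogtag-pki or pki-core. The filter template, the helper names, and the session entries are assumptions constructed for illustration.

```python
import re

# Constructed sample data: stand-ins for session entries stored in the directory.
SESSIONS = [
    {"sessionID": "4821907733", "uid": "admin-example"},
    {"sessionID": "9917340265", "uid": "agent-example"},
]

_SPECIAL = "\0()*\\"  # characters RFC 4515 requires to be escaped in assertion values


def escape_filter_value(value: str) -> str:
    """Encode each special character as a backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in _SPECIAL else c for c in value)


def build_filter_unsafe(session_id: str) -> str:
    # Flawed pattern: request input is concatenated into the filter unchanged.
    return "(sessionID=" + session_id + ")"


def build_filter_safe(session_id: str) -> str:
    # Hardened pattern: the value is escaped, so '*' can only match a literal '*'.
    return "(sessionID=" + escape_filter_value(session_id) + ")"


def _decode(piece: str) -> str:
    # Turn \XX escapes back into the literal characters they stand for.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def matches(filter_str: str, entry: dict) -> bool:
    """Toy evaluator for one (attr=value) item; an unescaped '*' is a wildcard."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str, re.S)
    if m is None:
        raise ValueError("unsupported filter: " + filter_str)
    attr, assertion = m.groups()
    if attr not in entry:
        return False
    pattern = ".*".join(re.escape(_decode(p)) for p in assertion.split("*"))
    return re.fullmatch(pattern, entry[attr], re.S) is not None


def find_sessions(filter_str: str) -> list:
    return [e for e in SESSIONS if matches(filter_str, e)]
```

With the unescaped filter, a lookup for `*` returns every stored session; with the escaped filter it returns none, because `\2a` is compared as a literal asterisk.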
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | pki-core | Out of support scope | | |
Red Hat Certificate System 10.4 EUS for RHEL-8 | redhat-pki | Fixed | RHSA-2024:4070 | 24.06.2024 |
Red Hat Enterprise Linux 7 | pki-core | Fixed | RHSA-2024:4222 | 02.07.2024 |
Red Hat Enterprise Linux 8 | pki-core | Fixed | RHSA-2024:4367 | 08.07.2024 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | pki-core | Fixed | RHSA-2024:4164 | 27.06.2024 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | pki-core | Fixed | RHSA-2024:4164 | 27.06.2024 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | pki-core | Fixed | RHSA-2024:4164 | 27.06.2024 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | pki-core | Fixed | RHSA-2024:4403 | 09.07.2024 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | pki-core | Fixed | RHSA-2024:4403 | 09.07.2024 |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | pki-core | Fixed | RHSA-2024:4403 | 09.07.2024 |
Additional information
CVSS3: 7.5 High