Description
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0.
A flaw was found in Step CA, an online certificate authority. This vulnerability allows a highly privileged attacker to improperly revoke SSH certificates. Such unauthorized revocation can disrupt services, leading to a denial of service for systems configured with the SSHPOP provisioner that rely on these certificates for secure access.
Report
This vulnerability is rated Moderate because it allows a highly privileged attacker to improperly revoke SSH certificates in Step CA deployments configured with the SSHPOP provisioner, leading to a denial of service. This impacts Red Hat products utilizing Step CA with the SSHPOP provisioner.
Additional information
Status:
5 Medium
CVSS3
Related vulnerabilities
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0.
step-ca Has Improper Authorization Check for SSH Certificate Revocation
5 Medium
CVSS3