Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:4165

Опубликовано: 03 июл. 2024
Источник: rocky
Оценка: Important

Описание

Important: pki-core security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

  • dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
idm-pki-acmenoarch2.el9_4idm-pki-acme-11.5.0-2.el9_4.noarch.rpm
idm-pki-basenoarch2.el9_4idm-pki-base-11.5.0-2.el9_4.noarch.rpm
idm-pki-canoarch2.el9_4idm-pki-ca-11.5.0-2.el9_4.noarch.rpm
idm-pki-estnoarch2.el9_4idm-pki-est-11.5.0-2.el9_4.noarch.rpm
idm-pki-javanoarch2.el9_4idm-pki-java-11.5.0-2.el9_4.noarch.rpm
idm-pki-kranoarch2.el9_4idm-pki-kra-11.5.0-2.el9_4.noarch.rpm
idm-pki-servernoarch2.el9_4idm-pki-server-11.5.0-2.el9_4.noarch.rpm
idm-pki-toolsx86_642.el9_4idm-pki-tools-11.5.0-2.el9_4.x86_64.rpm
python3-idm-pkinoarch2.el9_4python3-idm-pki-11.5.0-2.el9_4.noarch.rpm

Показывать по

Связанные CVE

CVE-2023-4727

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-4727

CVSS3: 7.5
ubuntu
около 1 года назад

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

redhat логотип

CVE-2023-4727

CVSS3: 7.5
redhat
около 1 года назад

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

nvd логотип

CVE-2023-4727

CVSS3: 7.5
nvd
около 1 года назад

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

debian логотип

CVE-2023-4727

CVSS3: 7.5
debian
около 1 года назад

A flaw was found in dogtag-pki and pki-core. The token authentication ...

redos логотип

ROS-20250109-02

CVSS3: 7.5
redos
5 месяцев назад

Уязвимость pki-server