Уязвимость пакетов dogtag-pki и pki-core, связанная с обходом аутентификации в силу исходной ошибки, позволяющая нарушителю повысить свои привилегии

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

A flaw was found in dogtag-pki and pki-core. The token authentication ...

Уязвимость pki-server

Important: pki-core security update

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

ELSA-2024-4367: pki-core security update (IMPORTANT)

ELSA-2024-4222: pki-core security update (IMPORTANT)

ELSA-2024-4165: pki-core security update (IMPORTANT)