CVE-2021-20179

Publication date 15 March 2021

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dogtag-pki	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	23.10 mantic	Fixed 10.10.2-2
	23.04 lunar	Fixed 10.10.2-2
	22.10 kinetic	Fixed 10.10.2-2
	22.04 LTS jammy	Fixed 10.10.2-2
	21.10 impish	Fixed 10.10.2-2
	21.04 hirsute	Fixed 10.10.2-2
	20.10 groovy	Ignored end of life
	20.04 LTS focal	Vulnerable
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
dogtag-pki	Upstream: https://github.com/dogtagpki/pki/pull/3474 Upstream: https://github.com/dogtagpki/pki/pull/3475 Upstream: https://github.com/dogtagpki/pki/pull/3476 Upstream: https://github.com/dogtagpki/pki/pull/3477 Upstream: https://github.com/dogtagpki/pki/pull/3478

Severity score breakdown

Parameter	Value
Base score	8.1 · High
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2021-20179

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Other references