Search CVE reports

1 – 10 of 17 results


CVE-2023-4727
Priority: Medium
Status: Needs evaluation

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Needs evaluation
  20.04 LTS  Needs evaluation
  18.04 LTS  Needs evaluation
  16.04 LTS  Needs evaluation
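The mechanism behind CVE-2023-4727 is a classic LDAP filter injection: a caller-supplied value is concatenated into a search filter, so an asterisk becomes a wildcard and the lookup matches every stored session instead of one. The following is an added example, not Dogtag's own code, that builds the session filter both ways and evaluates it against a constructed in-memory directory with a minimal filter matcher; the attribute names, entry shape and `(&(objectClass=session)(sessionID=...))` filter are assumptions chosen for illustration.

```python
"""
Added example (not Dogtag's own code): LDAP filter injection via a session ID,
shown as an unescaped filter beside one escaped per RFC 4515 section 3, and
evaluated with a small in-memory matcher so the difference is observable.
"""
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Assumed session entries, constructed for this example (not real Dogtag data).
SESSIONS = [
    {"objectClass": "session", "sessionID": "9f3c2a1b", "uid": "alice"},
    {"objectClass": "session", "sessionID": "7d8e4f10", "uid": "caadmin"},
]


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use as an assertion value in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_session_filter(session_id: str) -> str:
    """Filter built by plain concatenation: '*' is interpreted as a wildcard."""
    return f"(&(objectClass=session)(sessionID={session_id}))"


def hardened_session_filter(session_id: str) -> str:
    """Same filter with the caller-controlled value escaped, so '*' is literal."""
    return f"(&(objectClass=session)(sessionID={escape_filter_value(session_id)}))"


# --- minimal matcher for the (&(a=v)(b=v)...) shape the filters above produce ---
_ASSERTION = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")


def _unescape(token: str) -> str:
    """Turn RFC 4515 \\xx hex escapes back into the literal character."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), token)


def _value_matcher(value: str):
    """Unescaped '*' is a wildcard (matches any substring); everything else is literal."""
    parts = value.split("*")
    return re.compile(".*".join(re.escape(_unescape(p)) for p in parts)).fullmatch


def search(directory: list, ldap_filter: str) -> list:
    """Evaluate a conjunction of equality assertions against in-memory entries."""
    assertions = _ASSERTION.findall(ldap_filter)
    hits = []
    for entry in directory:
        if all(attr in entry and _value_matcher(v)(str(entry[attr]))
               for attr, v in assertions):
            hits.append(entry)
    return hits


def lookup_session(session_id: str, hardened: bool) -> list:
    """Return the uids whose session entries match the presented session ID."""
    f = hardened_session_filter(session_id) if hardened else vulnerable_session_filter(session_id)
    return [e["uid"] for e in search(SESSIONS, f)]


if __name__ == "__main__":
    print("vulnerable, sessionID=* ->", lookup_session("*", hardened=False))
    print("hardened,   sessionID=* ->", lookup_session("*", hardened=True))
    print("hardened,   real ID     ->", lookup_session("9f3c2a1b", hardened=True))
```

With the unescaped filter a session ID of `*` matches both stored sessions, which is exactly the outcome the advisory describes; with escaping it matches nothing. In production use the escaping routine your LDAP library provides (python-ldap's `ldap.filter.escape_filter_chars`, ldap3's `ldap3.utils.conv.escape_filter_chars`) rather than a hand-rolled table, and note that escaping only makes the wildcard literal: the session lookup must still require an exact match on a single entry and bind that entry to the presenting client before treating the request as authenticated.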

CVE-2022-2414
Priority: Medium
Status: Vulnerable

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Vulnerable
  20.04 LTS  Vulnerable
  18.04 LTS  Vulnerable
  16.04 LTS  Vulnerable

CVE-2022-2393
Priority: Medium
Status: Needs evaluation

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Needs evaluation
  20.04 LTS  Needs evaluation
  18.04 LTS  Needs evaluation
  16.04 LTS  Needs evaluation

CVE-2021-3551
Priority: Low
Status: Needs evaluation

A flaw was found in the PKI-server, where the pkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Needs evaluation
  20.04 LTS  Needs evaluation
  18.04 LTS  Needs evaluation
  16.04 LTS  Needs evaluation

CVE-2020-25715
Priority: Medium
Status: Vulnerable

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Not affected
  20.04 LTS  Vulnerable
  18.04 LTS  Vulnerable
  16.04 LTS  Vulnerable

CVE-2020-1721
Priority: Low
Status: Vulnerable

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Needs evaluation
  20.04 LTS  Vulnerable
  18.04 LTS  Needs evaluation
  16.04 LTS  Needs evaluation

CVE-2021-20179
Priority: High
Status: Some fixes available (6 of 9)

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Fixed
  20.04 LTS  Vulnerable
  18.04 LTS  Vulnerable
  16.04 LTS  Not affected

CVE-2020-15720
Priority: Medium
Status: Ignored

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Not affected
  20.04 LTS  Not affected
  18.04 LTS  Ignored
  16.04 LTS  Ignored

CVE-2019-10180
Priority: Low
Status: Vulnerable

A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS)...

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Not affected
  20.04 LTS  Vulnerable
  18.04 LTS  Vulnerable
  16.04 LTS  Needs evaluation

CVE-2020-1696
Priority: Low
Status: Vulnerable

A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed....

Affected package: dogtag-pki

  Release    Status
  24.04 LTS  Not in release
  22.04 LTS  Not affected
  20.04 LTS  Vulnerable
  18.04 LTS  Vulnerable
  16.04 LTS  Needs evaluation