Search CVE reports
1 – 10 of 17 results
CVE-2023-4727
Medium priority. A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-2414
Medium priority. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-2393
Medium priority. A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-3551
Low priority. A flaw was found in the PKI-server, where the pkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-25715
Medium priority. A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form, which can get automatically executed. The highest...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2020-1721
Low priority. A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5, where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Needs evaluation | Vulnerable | Needs evaluation | Needs evaluation |
CVE-2021-20179
High priority. Some fixes available (6 of 9).
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Fixed | Vulnerable | Vulnerable | Not affected |
CVE-2020-15720
Medium priority. In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Not affected | Not affected | Ignored | Ignored |
CVE-2019-10180
Low priority. A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross-Site Scripting (XSS)...
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Not affected | Vulnerable | Vulnerable | Needs evaluation |
CVE-2020-1696
Low priority. A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed....
1 affected package
dogtag-pki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dogtag-pki | Not in release | Not affected | Vulnerable | Vulnerable | Needs evaluation |