CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 3CVE-2022-2414 – pki-core: access to external entities when parsing XML can lead to XXE
https://notcve.org/view.php?id=CVE-2022-2414
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. El acceso a entidades externas cuando son analizados documentos XML puede conllevar a ataques de tipo XML external entity (XXE). Este fallo permite a un atacante remoto recuperar potencialmente el contenido de archivos arbitrarios mediante el envío de peticiones HTTP especialmente diseñadas A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. • https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept https://github.com/satyasai1460/CVE-2022-2414 https://github.com/superhac/CVE-2022-2414-POC https://github.com/dogtagpki/pki/pull/4021 https://access.redhat.com/security/cve/CVE-2022-2414 https://bugzilla.redhat.com/show_bug.cgi?id=2104676 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-3551 – pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file
https://notcve.org/view.php?id=CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el servidor PKI, donde el comando spkispawn, cuando es ejecutado en modo de depuración, almacena las credenciales de administrador en el archivo de registro de la instalación. Este fallo permite a un atacante local recuperar el archivo para obtener la contraseña de administrador y alcanzar privilegios de administrador en el administrador de Dogtag CA. • https://bugzilla.redhat.com/show_bug.cgi?id=1959971 https://access.redhat.com/security/cve/CVE-2021-3551 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2021-20179 – pki-core: Unprivileged users can renew any certificate
https://notcve.org/view.php?id=CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en pki-core. Un atacante que haya comprometido con éxito una clave podría usar este fallo para renovar el certificado correspondiente una y otra vez, siempre que no se revoque explícitamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1914379 https://github.com/dogtagpki/pki/pull/3474 https://github.com/dogtagpki/pki/pull/3475 https://github.com/dogtagpki/pki/pull/3476 https://github.com/dogtagpki/pki/pull/3477 https://github.com/dogtagpki/pki/pull/3478 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1721 – pki-core: KRA vulnerable to reflected XSS via the getPk12 page
https://notcve.org/view.php?id=CVE-2020-1721
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. Se detectó un fallo en el Agent Service de Key Recovery Authority (KRA) en pki-core versión 10.10.5, donde no sanea apropiadamente el ID de recuperación durante una petición de recuperación de clave, permitiendo una vulnerabilidad de tipo cross-site scripting (XSS) reflejado. Un atacante podría engañar a una víctima autenticada para que ejecute un código Javascript especialmente diseñado. A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. • https://bugzilla.redhat.com/show_bug.cgi?id=1777579 https://access.redhat.com/security/cve/CVE-2020-1721 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •