CVE-2022-2414 – pki-core: access to external entities when parsing XML can lead to XXE

https://notcve.org/view.php?id=CVE-2022-2414

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. El acceso a entidades externas cuando son analizados documentos XML puede conllevar a ataques de tipo XML external entity (XXE). Este fallo permite a un atacante remoto recuperar potencialmente el contenido de archivos arbitrarios mediante el envío de peticiones HTTP especialmente diseñadas A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. • https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept https://github.com/satyasai1460/CVE-2022-2414 https://github.com/superhac/CVE-2022-2414-POC https://github.com/dogtagpki/pki/pull/4021 https://access.redhat.com/security/cve/CVE-2022-2414 https://bugzilla.redhat.com/show_bug.cgi?id=2104676 • CWE-611: Improper Restriction of XML External Entity Reference •