CVE-2020-15720 – pki: Dogtag's python client does not validate certificates
https://notcve.org/view.php?id=CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1. En Dogtag PKI versiones hasta 10.8.3, la clase pki.client.PKIConnection no habilitó la comprobación de certificados de peticiones de python. • https://bugzilla.redhat.com/show_bug.cgi?id=1855273 https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72 https://github.com/dogtagpki/pki/compare/v10.9.0-a2...v10.9.0-b1 https://access.redhat.com/security/cve/CVE-2020-15720 • CWE-295: Improper Certificate Validation •
CVE-2019-10180 – pki-core: unsanitized token parameters in TPS resulting in stored XSS
https://notcve.org/view.php?id=CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code. Se detectó una vulnerabilidad en todas las versiones de pki-core 10.x.x, donde el Token Processing Service (TPS) no sanea apropiadamente varios parámetros almacenados para los tokens, resultando posiblemente en una vulnerabilidad de tipo Cross Site Scripting (XSS) Almacenado. Un atacante capaz de modificar los parámetros de cualquier token podría usar este fallo para engañar a un usuario autenticado para que ejecute código JavaScript arbitrario. It was found that the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10180 https://access.redhat.com/security/cve/CVE-2019-10180 https://bugzilla.redhat.com/show_bug.cgi?id=1721137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-1696 – pki-core: Stored XSS in TPS profile creation
https://notcve.org/view.php?id=CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code. Se detectó un fallo en todas las versiones de pki-core 10.x.x, donde Token Processing Service (TPS) no saneaba apropiadamente los ID de perfil, permitiendo una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado cuando se imprime el ID de perfil. Un atacante con permisos suficientes podría engañar a una víctima autenticada para que ejecute un código Javascript especialmente diseñado. A flaw was found in the pki-core's Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1696 https://access.redhat.com/security/cve/CVE-2020-1696 https://bugzilla.redhat.com/show_bug.cgi?id=1780707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-10179 – pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab
https://notcve.org/view.php?id=CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. Se detectó una vulnerabilidad en todas las versiones de pki-core 10.x.x, donde el Key Recovery Authority (KRA) Agent Service no saneó apropiadamente la página de búsqueda de petición de recuperación, permitiendo una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado. Un atacante podría engañar a una víctima autenticada para que ejecute un código Javascript especialmente diseñado. It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179 https://access.redhat.com/security/cve/CVE-2019-10179 https://bugzilla.redhat.com/show_bug.cgi?id=1695901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-10221 – pki-core: Reflected XSS in getcookies?url= endpoint in CA
https://notcve.org/view.php?id=CVE-2019-10221
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. Se detectó una vulnerabilidad de tipo Cross Site Scripting Reflejado en todas las versiones de pki-core 10.x.x, en el módulo pki-ca del servidor pki-core. Este fallo es debido a la falta de saneamiento de los parámetros GET URL. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10221 https://access.redhat.com/security/cve/CVE-2019-10221 https://bugzilla.redhat.com/show_bug.cgi?id=1732565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •